Diffstat (limited to 'test/results/ip_lists_disable')
-rw-r--r-- | test/results/ip_lists_disable/1kxun.pcap.out | 336 |
1 files changed, 168 insertions, 168 deletions
diff --git a/test/results/ip_lists_disable/1kxun.pcap.out b/test/results/ip_lists_disable/1kxun.pcap.out index 4b072c7ed..82d31e116 100644 --- a/test/results/ip_lists_disable/1kxun.pcap.out +++ b/test/results/ip_lists_disable/1kxun.pcap.out 
@@ -1,31 +1,31 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00794{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00794{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1470104373127416,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373127416,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OosAAAER2FvAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232309,"flow_src_last_pkt_time":1470104373232309,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232309,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373232309,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104373232309,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMBcAAAER01nAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232309,"flow_src_last_pkt_time":1470104373232309,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232309,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232309,"flow_src_last_pkt_time":1470104373232309,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232309,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232452,"flow_src_last_pkt_time":1470104373232452,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232452,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373232452,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104373232452,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOowAAAERyPHAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232452,"flow_src_last_pkt_time":1470104373232452,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232452,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232452,"flow_src_last_pkt_time":1470104373232452,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232452,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373741279,"flow_src_last_pkt_time":1470104373741279,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373741279,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00932{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373741279,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104373741279,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNKS5AgEGAMCRIFIAAIAAwKgFJMCoBSTAqHcBAAAAAAAmWsJjVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"} -00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373741279,"flow_src_last_pkt_time":1470104373741279,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373741279,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dhcp": {"fingerprint":"","class_ident":""}}} 
+01006{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373741279,"flow_src_last_pkt_time":1470104373741279,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373741279,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dhcp": {"fingerprint":"","class_ident":""}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104375419022,"flow_src_last_pkt_time":1470104375419022,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104375419022,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1470104375419022,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104375419022,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ZDJAAEAGzmrAqAUQROn9hdFlAFAG4xw3xV6fSoAREAEocwAAAQEIChoPAavPGvHS"} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104376017777,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017777,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1470104376017777,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104376017777,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRIAAAQRv2HAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104376017777,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017777,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104376017777,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017777,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104376017883,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017883,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1470104376017883,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104376017883,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfhwAAAERhWTAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104376017883,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017883,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104376017883,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017883,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1470104376203389,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104376203389,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMIoAAAER0ubAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1470104376301439,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104376301439,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOpEAAAERyOzAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104376301823,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376301823,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1470104376301823,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104376301823,"pkt":"\/\/\/\/\/\/\/\/cD6s8PAHCABFAAFIDscAAP8Rq94AAAAA\/\/\/\/\/wBEAEMBNJGnAQEGAAYPv1sAAAAAAAAAAAAAAAAAAAAAAAAAAHA+rPDwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAXA+rPDwBzIEwKgD7TMEAHanAAwEU2hlbv8AAAAAAAAAAAAAAAAAAAAA"} -01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104376301823,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376301823,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"shen","dhcp": {"fingerprint":"1,121,3,6,15,119,252","class_ident":""}}} 
+01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104376301823,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376301823,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"shen","domainame":"shen","dhcp": {"fingerprint":"1,121,3,6,15,119,252","class_ident":""}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104376816620,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376816620,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1470104376816620,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104376816620,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiWgLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAAA="} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104376816620,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376816620,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -38,40 +38,40 @@ 00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634537,"flow_src_last_pkt_time":1470104377634537,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634537,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104377634699,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634699,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377634699,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104377634699,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLQAAAQRv8LAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104377634699,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634699,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104377634699,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634699,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377720702,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377720702,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377720702,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1470104377720702,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377720702,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377720702,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377720761,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1470104377720761,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734137,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377734137,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377734137,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1470104377734137,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="} 
-01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734137,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377734137,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734137,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377734137,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1470104377734181,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="} -01201{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377734181,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377734181,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377753112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1470104377753112,"pkt":"ABxCjnAxTF4M6gNlCABFAABinjgAAC4RqpIICAgIwKhzCAA1x1AATmX5\/SyBgAABAAIAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAHADAABAAEAAAErAARquSNuwAwAAQABAAABKwAEarkjcA=="} -01085{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377753112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1470104377753112,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}}} 
+01156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377753112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1470104377753112,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["106.185.35.110,ttl=299","106.185.35.112,ttl=299"]}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104377754759,"flow_dst_last_pkt_time":1470104377754759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377754759,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377754759,"flow_dst_last_pkt_time":1470104377754759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104377754759,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377754800,"flow_dst_last_pkt_time":1470104377754759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104377754800,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377754800,"flow_dst_last_pkt_time":1470104377810946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104377810946,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1470104377811088,"flow_dst_last_pkt_time":1470104377810946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104377811088,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUcVAAIAG5zLAqHMIarkjbsG9AFA9WFFhc+savVAQAQQNiQAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1470104377811114,"flow_dst_last_pkt_time":1470104377810946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104377811114,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUcVAAIAG5zLAqHMIarkjbsG9AFA9WFFhc+savVAQAQQNiQAA"} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104377818917,"flow_dst_last_pkt_time":1470104377810946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377818917,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} +01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104377818917,"flow_dst_last_pkt_time":1470104377810946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377818917,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377820966,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1470104377820966,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1470104377820998,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377839257,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104377839257,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiQQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAGQ="} 
00935{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377839581,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104377839581,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901018,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377901018,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377901018,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1470104377901018,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} -01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901018,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377901018,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901018,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377901018,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1470104377901065,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 
-01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":36,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377901065,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01222{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":36,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377901065,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378005826,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378005826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104378005826,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378005826,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104378005826,"pkt":"ABAj4ACgYMVHBbyMCABFAAAol0tAAEAGqdjAqAUQwKhzS9F2AbsV1ofmvikqE1ARIAA8\/AAAAAAAAAAA"} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378007003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104378007003,"pkt":"ABxCjnAxABAj4ACgCABFAAAoAABAAEAGQSTAqHNLwKgFEAG70Xa+KSoTFdaH51AQAEZctgAAAAAAAAAA"} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104378021294,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378021294,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378021294,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104378021294,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
-00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104378021294,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378021294,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"wpad"}} +00973{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104378021294,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378021294,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"wpad","domainame":"wpad"}} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378021336,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104378021336,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378045036,"flow_dst_last_pkt_time":1470104377634231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104378045036,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD8KMU6wAgDOCgAAAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378045058,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRgAAAER5c3AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"} 
@@ -83,7 +83,7 @@ 01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045747,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045830,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104378045830,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEEAAAER2QnAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045830,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045830,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378454680,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104378454823,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxYAAAER6ZnAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104378557102,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378557102,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -94,29 +94,29 @@ 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1470104378771017,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104378771017,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUcsAAIAR9HrAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901305,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378901305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378901305,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1470104378901305,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 
-01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901305,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378901305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901305,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378901305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1470104378901349,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} -01199{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378901349,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378901349,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1470104378905035,"pkt":"ABxCjnAxTF4M6gNlCABFAABelWIAAPgRUBuoXwEBwKhzCAA1zfMASvjnceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAjMABN5J\/qfADAABAAEAAAIzAATeSf5x"} 
-01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104378905035,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}}} +01150{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104378905035,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["222.73.254.167,ttl=563","222.73.254.113,ttl=563"]}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378906497,"flow_src_last_pkt_time":1470104378906497,"flow_dst_last_pkt_time":1470104378906497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378906497,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378906497,"flow_dst_last_pkt_time":1470104378906497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378906497,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378906535,"flow_dst_last_pkt_time":1470104378906497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378906535,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104378954523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1470104378954523,"pkt":"ABxCjnAxTF4M6gNlCABFAABeST8AADAR\/Y8ICAgIwKhzCAA1zfMASpHwceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABN5J\/nHADAABAAEAAAJXAATeSf6n"} -01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104378954523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104378954523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}}} +01148{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104378954523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104378954523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["222.73.254.113,ttl=599","222.73.254.167,ttl=599"]}}} 
00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378967066,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104378967066,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRMAAAQRv2DAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378967195,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104378967195,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiAAAAERhWDAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1470104378906535,"flow_dst_last_pkt_time":1470104378970623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378970623,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1470104378970825,"flow_dst_last_pkt_time":1470104378970623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104378970825,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdBAAIAGmF3AqHMI3kn+p8G+AFDrM0BwhweMfFAQAQSc9wAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1470104378970860,"flow_dst_last_pkt_time":1470104378970623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104378970860,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdBAAIAGmF3AqHMI3kn+p8G+AFDrM0BwhweMfFAQAQSc9wAA"} -01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104378906497,"flow_src_last_pkt_time":1470104378975363,"flow_dst_last_pkt_time":1470104378970623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378975363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com","http": {"url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} +01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104378906497,"flow_src_last_pkt_time":1470104378975363,"flow_dst_last_pkt_time":1470104378970623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378975363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","http": {"url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066410,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379066410,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379066410,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1470104379066410,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} 
-01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066410,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379066410,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01083{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066410,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379066410,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1470104379066467,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} -01194{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379066467,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379066467,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1470104379115963,"pkt":"ABxCjnAxTF4M6gNlCABFAAB7GLEAAC4RMAEICAgIwKhzCAA17TQAZ+zhKZCBgAABAAQAAAAAA3BpYwUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABGq7I\/bADAABAAEAAAJXAASAx7rowAwAAQABAAACVwAEgMdvqcAMAAEAAQAAAlcABGq6Ezo="} 
-01078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1470104379115963,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}}} +01193{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1470104379115963,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["106.187.35.246,ttl=599","128.199.186.232,ttl=599","128.199.111.169,ttl=599","106.186.19.58,ttl=599"]}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379117273,"flow_src_last_pkt_time":1470104379117273,"flow_dst_last_pkt_time":1470104379117273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379117273,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379117273,"flow_dst_last_pkt_time":1470104379117273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379117273,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379117309,"flow_dst_last_pkt_time":1470104379117273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379117309,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} 
@@ -159,12 +159,12 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379119006,"flow_dst_last_pkt_time":1470104379173449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379173449,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcMVSXssyIjeXYASchBBHwAAAgQFtAEBBAIBAwMH"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379173557,"flow_dst_last_pkt_time":1470104379173449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379173557,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd9AAIAG5o7AqHMIarsj9sHDAFDIiN5dFUl7LVAQAQTy\/QAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379173583,"flow_dst_last_pkt_time":1470104379173449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379173583,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd9AAIAG5o7AqHMIarsj9sHDAFDIiN5dFUl7LVAQAQTy\/QAA"} 
-01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379117772,"flow_src_last_pkt_time":1470104379175159,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175159,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} -01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379117273,"flow_src_last_pkt_time":1470104379175159,"flow_dst_last_pkt_time":1470104379170482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":361,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175159,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} -01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379119336,"flow_src_last_pkt_time":1470104379175928,"flow_dst_last_pkt_time":1470104379170066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175928,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379118171,"flow_src_last_pkt_time":1470104379175928,"flow_dst_last_pkt_time":1470104379170277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175928,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} -01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379118544,"flow_src_last_pkt_time":1470104379177479,"flow_dst_last_pkt_time":1470104379173117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379177479,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} -01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379118972,"flow_src_last_pkt_time":1470104379178474,"flow_dst_last_pkt_time":1470104379173449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":361,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379178474,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
+01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379117772,"flow_src_last_pkt_time":1470104379175159,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175159,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379117273,"flow_src_last_pkt_time":1470104379175159,"flow_dst_last_pkt_time":1470104379170482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":361,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175159,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379119336,"flow_src_last_pkt_time":1470104379175928,"flow_dst_last_pkt_time":1470104379170066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175928,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379118171,"flow_src_last_pkt_time":1470104379175928,"flow_dst_last_pkt_time":1470104379170277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175928,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
+01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379118544,"flow_src_last_pkt_time":1470104379177479,"flow_dst_last_pkt_time":1470104379173117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379177479,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379118972,"flow_src_last_pkt_time":1470104379178474,"flow_dst_last_pkt_time":1470104379173449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":361,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379178474,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379271247,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104379271247,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMMsAAAER0qXAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379271401,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104379271401,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOp0AAAERyODAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104379271484,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
@@ -177,7 +177,7 @@ 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379520893,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104379520893,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUgMAAIAR9ELAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_usec":1470104379579523,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAEQAABAAEARs0nAqAVDwKj\/\/wCKAIoA\/P+KEQouQ8CoBUMAigDmAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAATAAAAAAAAAAAAAAAAAAAAAAAAABMAFYAAwABAAEAAgBdAFxNQUlMU0xPVFxCUk9XU0UAD1DgkwQAU0FOSkktTElGRUJPT0stTAQJA5qEAA8BVapzYW5qaS1MSUZFQk9PSy1MSDUzMSBzZXJ2ZXIgKFNhbWJhLCBVYnVudHUpAA=="} -01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 
+01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1470104379579704,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379887477,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104379887477,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379903616,"flow_dst_last_pkt_time":1470104379903616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379903616,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
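Review bot: The new `domainame` value in this hunk is a byte-for-byte copy of `hostname` (`"sanji-lifebook-"`, a truncated NetBIOS name). The same holds for every other added record visible on this page, including the numeric host `218.244.135.170` and `vv.video.qq.com` in the later hunks. If the field is meant to carry a domain distinct from the full host name, which the fixture does not say, these expected results lock in output that no detection rule can use to tell the two apart. I would add a one-line description of `domainame` to the event schema or documentation stating what it holds for NetBIOS names and IP-literal hosts. I would also confirm the key spelling is intentional before consumers start depending on it.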
@@ -189,11 +189,11 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379903698,"flow_dst_last_pkt_time":1470104379940364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379940364,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379940552,"flow_dst_last_pkt_time":1470104379940364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379940552,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUghAAIAG5u\/AqHMIarkjbsHFAFDej0WcKkQEKVAQAQTYSQAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379940588,"flow_dst_last_pkt_time":1470104379940364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379940588,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUghAAIAG5u\/AqHMIarkjbsHFAFDej0WcKkQEKVAQAQTYSQAA"} 
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379941700,"flow_dst_last_pkt_time":1470104379940364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":336,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379941700,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}}} +01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379941700,"flow_dst_last_pkt_time":1470104379940364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":336,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379941700,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": 
{"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379916943,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379954670,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379954937,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379954937,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUgpAAIAG5u3AqHMIarkjbsHGAFDBDvahiK55D1AQAQRxcwAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379955007,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379955007,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUgpAAIAG5u3AqHMIarkjbsHGAFDBDvahiK55D1AQAQRxcwAA"} -01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104379956802,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379956802,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}} 
+01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104379956802,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379956802,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}} 
02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":441,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104380141237,"flow_dst_last_pkt_time":1470104380142241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":20160,"midstream":0,"thread_ts_usec":1470104380142241,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":14506.6,"max":146838,"stddev":33179.1,"var":1100853504.0,"ent":2.6,"data": [56,37783,37994,70,1795,58,38952,109751,153,146838,45,329,66,113,56,463,29,236,62,115,388,44,244,36267,36544,26,410,130,482,92,113]},"pktlen": {"min":40,"avg":693.6,"max":1300,"stddev":612.0,"var":374554.6,"ent":4.3,"data": [52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1],"entropies": [4.540471077,4.540471077,4.955154896,4.784183979,4.784183979,5.758289814,5.758289814,4.303872585,5.568258762,4.972586632,4.784183979,4.784183979,4.816908836,5.305360317,5.245053291,5.141684532,4.684184074,4.684184074,5.953328609,5.139973164,5.197480202,4.784183979,4.784183979,5.838756561,5.133826733,4.734184265,4.734184265,4.452571869,4.709616661,4.691545486,5.564413548,5.160192013]},"ndpi": 
{"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380188079,"flow_dst_last_pkt_time":1470104380188079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380188079,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380188079,"flow_dst_last_pkt_time":1470104380188079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380188079,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} 
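Review bot: The two `detected` records for flows 36 and 37 gain `domainame`, but the unchanged `analyse` record for flow 37 in the same hunk still serialises its `ndpi` object with `hostname` only. A consumer that filters or correlates on `domainame` would therefore silently miss `analyse` events for a flow it already matched at `detected`. Either the field should be emitted wherever the `ndpi` object carries `hostname`, or the schema should say it is limited to particular event types. The fixture alone does not show which is intended.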
@@ -201,22 +201,22 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1470104380188122,"flow_dst_last_pkt_time":1470104380300643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380300643,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0c30AAHAGQPfa9IeqwKhzCCOLwccogsRifLctf4ASQAAcSgAAAgQFtAEDAwABAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1470104380300823,"flow_dst_last_pkt_time":1470104380300643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380300823,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhVAAIAGEmvAqHMI2vSHqsHHI4t8ty1\/KILEY1AQAQScEQAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1470104380300850,"flow_dst_last_pkt_time":1470104380300643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380300850,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhVAAIAGEmvAqHMI2vSHqsHHI4t8ty1\/KILEY1AQAQScEQAA"} 
-01370{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380302072,"flow_dst_last_pkt_time":1470104380300643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380302072,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"218.244.135.170","http": {"url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}} 
+01400{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380302072,"flow_dst_last_pkt_time":1470104380300643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380302072,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"218.244.135.170","domainame":"218.244.135.170","http": {"url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380603356,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104380603356,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLUAAAQRv8HAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737950,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380737950,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380737950,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104380737950,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"} -01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737950,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380737950,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737950,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380737950,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com","domainame":"vv.video.qq.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104380737994,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"} 
-01193{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380737994,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380737994,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com","domainame":"vv.video.qq.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1470104380772526,"pkt":"ABxCjnAxTF4M6gNlCABFAABmlL4AAC4RtAgICAgIwKhzCAA11JQAUqbTpTiBgAABAAIAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQABwAwABQABAAABKwANCnByb3h5LXNldDHAD8AtAAEAAQAAASsABMvNl+o="} -01078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1470104380772526,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.151.234"}}} +01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1470104380772526,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com","domainame":"vv.video.qq.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["203.205.151.234,ttl=299"]}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380773662,"flow_src_last_pkt_time":1470104380773662,"flow_dst_last_pkt_time":1470104380773662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380773662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380773662,"flow_dst_last_pkt_time":1470104380773662,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380773662,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380773739,"flow_dst_last_pkt_time":1470104380773662,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380773739,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1470104380773739,"flow_dst_last_pkt_time":1470104380801749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380801749,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADMGsFvLzZfqwKhzCABQwcglYwNrH2Z22IASFoBABAAAAgQFoAEBBAIBAwMK"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1470104380801884,"flow_dst_last_pkt_time":1470104380801749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380801884,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhxAAIAGEUvAqHMIy82X6sHIAFAfZnbYJWMDbFAQAQSWQQAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1470104380801910,"flow_dst_last_pkt_time":1470104380801749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380801910,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhxAAIAGEUvAqHMIy82X6sHIAFAfZnbYJWMDbFAQAQSWQQAA"} 
-01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104380773662,"flow_src_last_pkt_time":1470104380807804,"flow_dst_last_pkt_time":1470104380801749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380807804,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"vv.video.qq.com","http": {"url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0","request_content_type":"application\/x-www-form-urlencoded"}}} +01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104380773662,"flow_src_last_pkt_time":1470104380807804,"flow_dst_last_pkt_time":1470104380801749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380807804,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"vv.video.qq.com","domainame":"vv.video.qq.com","http": {"url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0","request_content_type":"application\/x-www-form-urlencoded"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104380890420,"flow_dst_last_pkt_time":1470104380890420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380890420,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380890420,"flow_dst_last_pkt_time":1470104380890420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380890420,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380890470,"flow_dst_last_pkt_time":1470104380890420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380890470,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} 
@@ -225,22 +225,22 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1470104380890470,"flow_dst_last_pkt_time":1470104380966940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1470104380966940,"pkt":"ABxCjnAxTF4M6gNlCABFAAAwAABAADAGuQcqeDOYwKhzCB+QwcnDIL+ais5pCHASFtCCkgAAAgQFtAEBBAI="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1470104380967069,"flow_dst_last_pkt_time":1470104380966940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380967069,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUiFAAIAGFu7AqHMIKngzmMHJH5CKzmkIwyC\/m1AQ\/\/DGNQAA"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1470104380967094,"flow_dst_last_pkt_time":1470104380966940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380967094,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUiFAAIAGFu7AqHMIKngzmMHJH5CKzmkIwyC\/m1AQ\/\/DGNQAA"} 
-01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104380968230,"flow_dst_last_pkt_time":1470104380966940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380968230,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"42.120.51.152","http": {"url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0","request_content_type":"application\/x-www-form-urlencoded"}}} 
+01454{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104380968230,"flow_dst_last_pkt_time":1470104380966940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380968230,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"42.120.51.152","domainame":"42.120.51.152","http": {"url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0","request_content_type":"application\/x-www-form-urlencoded"}}} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381115496,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104381115496,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEIAAAER2QjAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381217455,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381217455,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1470104381217455,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104381217455,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U68AAAERvz7AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381217455,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381217455,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104381217586,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381217586,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1470104381217586,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104381217586,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFE8AAAER7zXAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00973{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104381217586,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381217586,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104381217586,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381217586,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381237806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381237806,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381237806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1470104381237806,"pkt":"ABAj4ACgYMVHBbyMCABFAABAk\/BAAEAGrRvAqAUQwKhzS9F3AbseAeEVAAAAALAC\/\/84nQAAAgQFtAEDAwUBAQgKGg8YWwAAAAAEAgAA"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104381238763,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381238800,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381238800,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"} 00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104381239406,"pkt":"ABAj4ACgYMVHBbyMCABFAAEB7MpAAEAGU4DAqAUQwKhzS9F3AbseAeEWRPEhV1AYIAC0MQAAFgMBANQBAADQAwNXoAM+DApFIVBtoVkm1YD4xHsvSlpaV1sKMPaqmp\/EYiBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01403{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381240437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381240437,"pkt":"ABxCjnAxABAj4ACgCABFAAAoVq1AAEAG6nbAqHNLwKgFEAG70XdE8SFXHgHh71AQADZ8hgAAAAAAAAAA"} 
-01555{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01584{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104381626995,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381831288,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104381831288,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381895304,"flow_dst_last_pkt_time":1470104381895304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381895304,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
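Review bot: The regenerated expectations in this hunk pin `domainame` to the same string as `hostname` even where that string is not a domain. The flows flagged "Numeric Hostname/SNI" now expect `"domainame":"42.120.51.152"` and `"domainame":"192.168.115.75"`, and the SSDP flow expects `"domainame":"239.255.255.250:1900"` with the port still attached. If the key is meant to carry a registrable domain (inferred from its name; the producing code is not visible here), downstream rules that group or match on it will treat IP literals and host:port strings as domains. It is worth confirming with the producer whether the key should be omitted for such hosts, so that for example the SSDP record would end `"hostname":"239.255.255.250:1900"}}`, before this output becomes the accepted baseline. The fixture itself would then be regenerated rather than hand-edited.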
@@ -257,7 +257,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381895349,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1470104381968167,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLge3gzCRwKhzCABQwcyPbNg5W17xEWASOQjNFQAAAgQFtAAA"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381968358,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104381968358,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUi9AAIAGjNvAqHMIt4MwkcHMAFBbXvERj2zYOlAQ\/\/Ad6gAA"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1470104381968391,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104381968391,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUi9AAIAGjNvAqHMIt4MwkcHMAFBbXvERj2zYOlAQ\/\/Ad6gAA"} 
-01626{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381978984,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381978984,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145","http": {"url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}} 
+01655{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381978984,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381978984,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145","domainame":"183.131.48.145","http": {"url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382036037,"flow_dst_last_pkt_time":1470104381935187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104382036037,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0UAAAERi6vAqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104382038651,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUUAAAERlcPAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382053678,"flow_dst_last_pkt_time":1470104382053678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382053678,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -267,14 +267,14 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1470104382053709,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1470104382122949,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLgi3gzCQwKhzCABQwc0rYeLSUifAPGASOQhglAAAAgQFtAAA"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1470104382123077,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104382123077,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjRAAIAGjNfAqHMIt4MwkMHNAFBSJ8A8K2Hi01AQ\/\/CxaAAA"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1470104382123103,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104382123103,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjRAAIAGjNfAqHMIt4MwkMHNAFBSJ8A8K2Hi01AQ\/\/CxaAAA"} 
-01697{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382125031,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382125031,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.144","http": {"url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}} 
-01724{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382125065,"flow_dst_last_pkt_time":1470104382192288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":281,"midstream":0,"thread_ts_usec":1470104382192288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144","http": {"url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}} 
+01726{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382125031,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382125031,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.144","domainame":"183.131.48.144","http": {"url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}} 
+01753{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382125065,"flow_dst_last_pkt_time":1470104382192288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":281,"midstream":0,"thread_ts_usec":1470104382192288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144","domainame":"183.131.48.144","http": {"url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382241911,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382241911,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104382241911,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0YAAAERfELAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00975{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382241911,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382241911,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382241911,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382241911,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382242882,"flow_src_last_pkt_time":1470104382242882,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382242882,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382242882,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104382242882,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfYYAAAERhhrAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382242882,"flow_src_last_pkt_time":1470104382242882,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382242882,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382242882,"flow_src_last_pkt_time":1470104382242882,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382242882,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1470104382243140,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104382243140,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMNEAAAER0p\/AqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1470104382243529,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104382243529,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNN4pAgEGAP54u0wAAAAAwKgFMcCoBTHAqHcBAAAAAOix\/Kv7sgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1470104382345385,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104382345385,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOq0AAAERyNDAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
@@ -286,13 +286,13 @@ 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382448739,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448739,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104382448863,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448863,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382448863,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104382448863,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCesAAAQR9onAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00973{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104382448863,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448863,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104382448863,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448863,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"thread_ts_usec":1470104382857884,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD8GwU6wApG1\/NkQAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104382858294,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9ed8AAAERmPvAqAUx4AAA\/PBsFOsAKYTXzZEAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1470104383675559,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104383675559,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLYAAAQRv8DAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104383810371,"flow_dst_last_pkt_time":1470104383810371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104383810371,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1470104383810371,"flow_dst_last_pkt_time":1470104383810371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104383810371,"pkt":"TF4M6gNlYMVHBbyMCABFAAFI+0MAAEARgP\/AqAUQwKh3AQBEAEMBNFvxAQEGABeXwMwAAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"} 
-01027{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104383810371,"flow_dst_last_pkt_time":1470104383810371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104383810371,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"macbook-air","dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}} +01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104383810371,"flow_dst_last_pkt_time":1470104383810371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104383810371,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"macbook-air","domainame":"macbook-air","dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}} 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1470104383810371,"flow_dst_last_pkt_time":1470104383815221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104383815221,"pkt":"ABxCjnAxTF4M6gNlCABFAAFIAAAAABARrEPAqHcBwKgFEABDAEQBNHbOAgEGABeXwMwAAAAAwKgFEMCoBRDAqHcBAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1470104384085549,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104384085549,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEMAAAER2QfAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1470104384085672,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104384085672,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAshosLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAt0="} 
@@ -324,11 +324,11 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1470104390443500,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1470104390640525,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADUGPZVE6f2FwKgFEABQ0Xh2OO96HrFFuaASFqBImwAAAgQFtAQCCArPHh84Gg88QAEDAwg="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1470104390640578,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104390640578,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0PI1AAEAG9g\/AqAUQROn9hdF4AFAesUW5djjve4AQEBV9LwAAAQEIChoPPQTPHh84"} 
00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1470104390642049,"pkt":"TF4M6gNlYMVHBbyMCABFAAE9+GJAAEAGOTHAqAUQROn9hdF4AFAesUW5djjve4AYEBVNJgAAAQEIChoPPQXPHh84R0VUIC9jb21NYWdpY2FuQXBpL2NvbXBvc2l0ZS9hcHAucGhwL0dsb2JhbC9JbmRleC9pcCBIVFRQLzEuMQ0KSG9zdDogYXBpLm1hZ2ljYW5zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtdHcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTWFnaWNhbiAodW5rbm93biB2ZXJzaW9uKSBDRk5ldHdvcmsvNzIwLjUuNyBEYXJ3aW4vMTQuNS4wICh4ODZfNjQpDQoNCg=="} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390642049,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","http": 
{"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} +01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390642049,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_usec":1470104390741932,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390838554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104390838554,"pkt":"ABxCjnAxTF4M6gNlCABFAAA08IZAADUGTRZE6f2FwKgFEABQ0Xh2OO97HrFGwoAQABuLWQAAAQEICs8eH\/4aDz0F"} -01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390846598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":324,"midstream":0,"thread_ts_usec":1470104390846598,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":502,"content_type":"text\/html","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
+01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390846598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":324,"midstream":0,"thread_ts_usec":1470104390846598,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":502,"content_type":"text\/html","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00961{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1470104390945416,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104390945416,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199899,"flow_dst_last_pkt_time":1470104391199899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104391199899,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1470104391199899,"flow_dst_last_pkt_time":1470104391199899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1470104391199899,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="} 
@@ -347,26 +347,26 @@ 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1470104391458729,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104391458729,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCe4AAAQR9obAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104391564386,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104391564386,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1470104391564386,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104391564386,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHugAAIARlnrAqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00957{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104391564386,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104391564386,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"isatap"}} 
+00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104391564386,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104391564386,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"isatap","domainame":"isatap"}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072031,"flow_src_last_pkt_time":1470104392072031,"flow_dst_last_pkt_time":1470104392072031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104392072031,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1470104392072031,"flow_dst_last_pkt_time":1470104392072031,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104392072031,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tXCABFAAFZOwBAAEARsV\/AqIyM\/\/\/\/\/\/YA9gABRQTx\/\/\/Z1aAAwKC7c+tXwKiMjAAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tXQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI2AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqIyM\/\/8AAFBvcnQgOAAAIAGwIAAGAADCoLv\/\/nPrV0A="} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072989,"flow_src_last_pkt_time":1470104392072989,"flow_dst_last_pkt_time":1470104392072989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104392072989,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00999{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1470104392072989,"flow_dst_last_pkt_time":1470104392072989,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"thread_ts_usec":1470104392072989,"pkt":"MzMAAAABwKC7c+tXht1gAAAAAVERgCABsCAABgAAwqC7\/\/5z61f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRMAf\/D9nVoADAoLtz61cgAbAgAAYAAMKgu\/\/+c+tXAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz61dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjYAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCojIz\/\/wAAUG9ydCA4AAAgAbAgAAYAAMKgu\/\/+c+tXQA=="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392380243,"flow_src_last_pkt_time":1470104392380243,"flow_dst_last_pkt_time":1470104392380243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104392380243,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1470104392380243,"flow_dst_last_pkt_time":1470104392380243,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104392380243,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOckUAAEARgdzAqAUtwKj\/\/+mNAIkAOs9OABUBEAABAAAAAAAAIEZERUJFT0VLRUpDTkVNRUpFR0VGRUNFUEVQRUxDTkNBAAAgAAE="} -00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392380243,"flow_src_last_pkt_time":1470104392380243,"flow_dst_last_pkt_time":1470104392380243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104392380243,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 
+00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392380243,"flow_src_last_pkt_time":1470104392380243,"flow_dst_last_pkt_time":1470104392380243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104392380243,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104392380425,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsg0sLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACBh0="} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1470104393097082,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393097082,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxQAAIARlk7AqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1470104393302618,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104393302618,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFMAAAER7zHAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610238,"flow_src_last_pkt_time":1470104393610238,"flow_dst_last_pkt_time":1470104393610238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610238,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610238,"flow_dst_last_pkt_time":1470104393610238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393610238,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOGrEAAEAR2XDAqAUtwKj\/\/+hFAIkAOjOmABcBEAABAAAAAAAAIEVIRUdFSkVNRUZDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAE="} 
-00957{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610238,"flow_src_last_pkt_time":1470104393610238,"flow_dst_last_pkt_time":1470104393610238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610238,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gfile"}} +00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610238,"flow_src_last_pkt_time":1470104393610238,"flow_dst_last_pkt_time":1470104393610238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610238,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gfile","domainame":"gfile"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610386,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393610386,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOnJgAAEARV4nAqAUtwKj\/\/wCJAIkAOr16RfsBEAABAAAAAAAAIEVPRUJGREVHRUpFTUVGQ0FDQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} 
-00957{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610386,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile"}} +00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610386,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile","domainame":"nasfile"}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610555,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKO0kAAEARuFzAqAUtwKj\/\/wCKAIoAtoWlEQJF7sCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAO1FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTsRQAA"} 
-01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} +01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1470104393610744,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610744,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADK5DUAAEARD3DAqAUtwKj\/\/wCKAIoAtoasEQJF8cCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkRFSUVQRU5FRkNBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPBFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTvRQAA"} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393611090,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKOS4AAEARunfAqAUtwKj\/\/wCKAIoAtoChEQJF98CoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkpFSEZDRVBGRkZBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPZFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQT1RQAA"} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393813792,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393813792,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxcAAIARlkvAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
@@ -388,16 +388,16 @@ 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1470104397090815,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104397090815,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfi8AAAERhVHAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397091815,"flow_src_last_pkt_time":1470104397091815,"flow_dst_last_pkt_time":1470104397091815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397091815,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00935{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1470104397091815,"flow_dst_last_pkt_time":1470104397091815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104397091815,"pkt":"\/\/\/\/\/\/\/\/cPGh+Cr9CABFAAFIAzMAAIARcMHAqAUJ\/\/\/\/\/wBEAEMBND1aAQEGAPwPedgAAIAAwKgFCQAAAAAAAAAAAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBcPGh+Cr9DAlKb2FubmEtUEM8CE1TRlQgNS4wNw0BDwMGLC4vHyF5+Sv8\/wAAAAAAAAAAAAAA"} -01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397091815,"flow_src_last_pkt_time":1470104397091815,"flow_dst_last_pkt_time":1470104397091815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397091815,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc","dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}} 
+01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397091815,"flow_src_last_pkt_time":1470104397091815,"flow_dst_last_pkt_time":1470104397091815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397091815,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc","domainame":"joanna-pc","dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1470104397192245,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104397192245,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ1QAAAERfDTAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1470104397396994,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104397396994,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCfAAAAQR9oTAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397807877,"flow_src_last_pkt_time":1470104397807877,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397807877,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1470104397807877,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104397807877,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClrzIAAAERVEPAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00973{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397807877,"flow_src_last_pkt_time":1470104397807877,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397807877,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397807877,"flow_src_last_pkt_time":1470104397807877,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397807877,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1470104398314933,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104398314933,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoA95AAEAGLsvAqAUQROn9hdFlAFAG4xw4xV6fSlAUEAE+LgAA8Q52cgJF"} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104398832807,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470104398832807,"pkt":"AQBeAAD7ZMwunDzJCABFAABEo69AAP8RMRXAqAVA4AAA+xTpFOkAMOS\/AAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
-00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104398832807,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local","mdns": {}}} +01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104398832807,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local","domainame":"_googlecast._tcp.local","mdns": 
{}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398932814,"flow_src_last_pkt_time":1470104398932814,"flow_dst_last_pkt_time":1470104398932814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104398932814,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1470104398932814,"flow_dst_last_pkt_time":1470104398932814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470104398932814,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399652689,"flow_src_last_pkt_time":1470104399652689,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399652689,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
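Review bot: The regenerated `detected` events in this hunk pin a new key spelled `domainame` whose value is a byte-for-byte copy of `hostname`, even where that value is not a domain name: `"domainame":"239.255.255.250:1900"` for the SSDP flow, `"domainame":"joanna-pc"` for DHCP and `"domainame":"_googlecast._tcp.local"` for mDNS. The hunk at -420 pins `"domainame":"[ff02::c]:1900"` the same way. Once golden files depend on it, the spelling (presumably meant as `domainname`) and the host:port values become part of the output contract, and a downstream consumer that matches or enriches on this field as a registrable domain would misread multicast addresses and bare host names. This file is test output, so the fix belongs in whatever serializes the field, not here. Before accepting these results I would either leave the key out when no domain can be derived or document that it may repeat `hostname` verbatim.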
@@ -420,10 +420,10 @@ 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1470104400059456,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104400059456,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfjEAAAERhU\/AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162264,"flow_src_last_pkt_time":1470104400162264,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162264,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1470104400162264,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":562,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":562,"pkt_l4_len":528,"thread_ts_usec":1470104400162264,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIkCfEAAAQR9QTAqAUx7\/\/\/+gdsB2wCELIPTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovLzE5Mi4xNjguNS40OToyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyDQpVU046IHV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyOjp1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="} -00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162264,"flow_src_last_pkt_time":1470104400162264,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162264,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162264,"flow_src_last_pkt_time":1470104400162264,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162264,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162411,"flow_src_last_pkt_time":1470104400162411,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":528,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":528,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162411,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1470104400162411,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"thread_ts_usec":1470104400162411,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAhgRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIYYQNOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpOVFM6IHNzZHA6YWxpdmUNCkxvY2F0aW9uOiBodHRwOi8vW2ZlODA6OjliZDo4MWRkOjJmZGM6NTc1MF06Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMD
EtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="} -00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162411,"flow_src_last_pkt_time":1470104400162411,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":528,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":528,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162411,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"[ff02::c]:1900"}} +00999{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162411,"flow_src_last_pkt_time":1470104400162411,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":528,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":528,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162411,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"[ff02::c]:1900","domainame":"[ff02::c]:1900"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1470104400366719,"flow_dst_last_pkt_time":1470104399959775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1470104400366719,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S7cAAAERxybAqAUy4AAA\/PUkFOsAJRvtK70AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} 01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1470104400366790,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1470104400366790,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIWCfIAAAQR9RHAqAUx7\/\/\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"} 01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1470104400366956,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":576,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":576,"pkt_l4_len":522,"thread_ts_usec":1470104400366956,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAgoRBP6AAAAAAAAACb2B3S\/cV1D\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"} 
@@ -444,9 +444,9 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1470104402238628,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104402239704,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_src_last_pkt_time":1470104402239746,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402239746,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104402240297,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9ruNAAEAGkWvAqAUQwKhzS9F5AbtwBJ92ypn82FAYIADtEAAAFgMBANABAADMAwNXoANTJYxftKgXimtNLVWTzYxskkMb8dtmAzVqLh4pryBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01403{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402241217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402241217,"pkt":"ABxCjnAxABAj4ACgCABFAAAofPZAAEAGxC3AqHNLwKgFEAG70XnKmfzYcASgS1AQADYK+wAAAAAAAAAA"} 
-01555{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01584{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1470104402518151,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -524,7 +524,7 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_src_last_pkt_time":1470104412962345,"flow_dst_last_pkt_time":1470104412556263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104412962345,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9eeYAAAERmPTAqAUx4AAA\/Pw4FOsAKTqNDBAAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":833,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104413679149,"flow_src_last_pkt_time":1470104413679149,"flow_dst_last_pkt_time":1470104413679149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104413679149,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1470104413679149,"flow_dst_last_pkt_time":1470104413679149,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104413679149,"pkt":"\/\/\/\/\/\/\/\/SNIkYwreCABFAAFIfjcAAEARNZ3AqAUp\/\/\/\/\/wBEAEMBNOoXAQEGAAJEmkEAAIAAwKgFKQAAAAAAAAAAAAAAAEjSJGMK3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBSNIkYwreDAhrZXZpbi1QQzwITVNGVCA1LjA3DQEPAwYsLi8fIXn5K\/z\/AAAAAAAAAAAAAAAA"} -01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":833,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104413679149,"flow_src_last_pkt_time":1470104413679149,"flow_dst_last_pkt_time":1470104413679149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104413679149,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kevin-pc","dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}} 
+01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":833,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104413679149,"flow_src_last_pkt_time":1470104413679149,"flow_dst_last_pkt_time":1470104413679149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104413679149,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kevin-pc","domainame":"kevin-pc","dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}} 
00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104383815221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104413815837,"pkt":"TF4M6gNlYMVHBbyMCABFAAFIqYMAAEAR0r\/AqAUQwKh3AQBEAEMBNFvwAQEGABeXwM0AAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"} 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104413817995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104413817995,"pkt":"ABxCjnAxTF4M6gNlCABFAAFIAAAAABARrEPAqHcBwKgFEABDAEQBNHbNAgEGABeXwM0AAAAAwKgFEMCoBRDAqHcBAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414296205,"flow_src_last_pkt_time":1470104414296205,"flow_dst_last_pkt_time":1470104414296205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1093,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1093,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104414296205,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -541,14 +541,14 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414301595,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414301595,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414301849,"flow_dst_last_pkt_time":1470104414301578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414301849,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0CgdAAEAG9NPAqAUQHw1XJNFMAbv8UnPoBJ2idYAQD\/0aVAAAAQEIChoPmUdf7xLn"} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104414302554,"pkt":"ABAj4ACgYMVHBbyMCABFAAEBACxAAEAGQB\/AqAUQwKhzS9F6Abs0INrrJFeA51AYIAB90wAAFgMBANQBAADQAwNXoANfjIqHDy9QXUEag4gt5xMipN2TtjnqDApBJHZnuSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414303590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414303590,"pkt":"ABxCjnAxABAj4ACgCABFAAAoBANAAEAGPSHAqHNLwKgFEAG70XokV4DnNCDbxFAQADYtmQAAAAAAAAAA"} 
-01556{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01585{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1470104414395988,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="} 
-01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":858,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":858,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414402314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1470104414402314,"pkt":"ABxCjnAxTF4M6gNlCABFAAET0UQAAPgRgXyoXwEBwKgFEAA194wA\/yfZbYyBgAABAAYAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAHADAAFAAEAAUxDAC0GZGwtb2JzCG9mZmljaWFsBGxpbmUFbmF2ZXICanAJZWRnZXN1aXRlA25ldADAOwAFAAEAAACwADUKY2FjLWRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwCWxpbmUtemVybwZha2FkbnPAY8B0AAUAAQAAAQAAEgVhMTg2NwJnMgZha2FtYWnAY8C1AAEAAQAAAAUABMtFUUnAtQABAAEAAAAFAATLRVFCwLUAAQABAAAABQAEPdw+2g=="} -01103{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":859,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414402314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1470104414402314,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.69.81.73"}}} +01199{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":859,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414402314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1470104414402314,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["203.69.81.73,ttl=5","203.69.81.66,ttl=5","61.220.62.218,ttl=5"]}}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414404078,"flow_src_last_pkt_time":1470104414404078,"flow_dst_last_pkt_time":1470104414404078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414404078,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414404078,"flow_dst_last_pkt_time":1470104414404078,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1470104414404078,"pkt":"TF4M6gNlYMVHBbyMCABFAABA+kNAAEAGXi3AqAUQy0VRSdF7AFCoMQrOAAAAALAC\/\/8cMAAAAgQFtAEDAwUBAQgKGg+ZqwAAAAAEAgAA"} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414404981,"flow_src_last_pkt_time":1470104414404981,"flow_dst_last_pkt_time":1470104414404981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414404981,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -558,9 +558,9 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_src_last_pkt_time":1470104414404981,"flow_dst_last_pkt_time":1470104414407965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1470104414407965,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xzxz9ee9giQ0aAScSCl7QAAAgQFtAQCCAobhF1HGg+ZrAEDAwU="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414407997,"flow_dst_last_pkt_time":1470104414407965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414407997,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0fmZAAEAG2hbAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AQEBU1wQAAAQEIChoPma4bhF1H"} 
00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414408704,"flow_dst_last_pkt_time":1470104414407965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1470104414408704,"pkt":"TF4M6gNlYMVHBbyMCABFAAFAl1xAAEAGwBTAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AYEBWl1AAAAQEIChoPma8bhF1HR0VUIC9yL3RhbGsvbS80Njk3NzE2OTcxNTAwL3ByZXZpZXcgSFRUUC8xLjENCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDANCkhvc3Q6IGRsLW9icy5vZmZpY2lhbC5saW5lLm5hdmVyLmpwDQpVc2VyLUFnZW50OiBERVNLVE9QOk1BQzoxMC4xMC41LVlPU0VNSVRFKDQuNy4yKQ0KWC1MaW5lLUFwcGxpY2F0aW9uOiBERVNLVE9QTUFDCTQuNy4yCU1BQwkxMC4xMC41LVlPU0VNSVRFDQoNCg=="} -01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":868,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414404981,"flow_src_last_pkt_time":1470104414408704,"flow_dst_last_pkt_time":1470104414407965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414408704,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Line","proto_id":"7.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"dl-obs.official.line.naver.jp","http": 
{"url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":868,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414404981,"flow_src_last_pkt_time":1470104414408704,"flow_dst_last_pkt_time":1470104414407965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414408704,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Line","proto_id":"7.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","http": {"url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}} 
00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414408737,"flow_dst_last_pkt_time":1470104414407420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1470104414408737,"pkt":"TF4M6gNlYMVHBbyMCABFAAFATvVAAEAGCHzAqAUQy0VRSdF7AFCoMQrPv\/BSvYAYEBUpZwAAAQEIChoPma8bhF1GR0VUIC9yL3RhbGsvbS80Njk3NzE2OTU0Njg4L3ByZXZpZXcgSFRUUC8xLjENCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDANCkhvc3Q6IGRsLW9icy5vZmZpY2lhbC5saW5lLm5hdmVyLmpwDQpVc2VyLUFnZW50OiBERVNLVE9QOk1BQzoxMC4xMC41LVlPU0VNSVRFKDQuNy4yKQ0KWC1MaW5lLUFwcGxpY2F0aW9uOiBERVNLVE9QTUFDCTQuNy4yCU1BQwkxMC4xMC41LVlPU0VNSVRFDQoNCg=="} -01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":869,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414404078,"flow_src_last_pkt_time":1470104414408737,"flow_dst_last_pkt_time":1470104414407420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414408737,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Line","proto_id":"7.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"dl-obs.official.line.naver.jp","http": 
{"url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":869,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414404078,"flow_src_last_pkt_time":1470104414408737,"flow_dst_last_pkt_time":1470104414407420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414408737,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Line","proto_id":"7.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","http": {"url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414408704,"flow_dst_last_pkt_time":1470104414414084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414414084,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0itRAADsG0qjLRVFJwKgFEABQ0Xzxz9ef9giR3YAQA6tBGgAAAQEIChuEXUsaD5mv"} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414408737,"flow_dst_last_pkt_time":1470104414415614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414415614,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0D\/ZAADsGTYfLRVFJwKgFEABQ0Xu\/8FK9qDEL24AQA6vLtgAAAQEIChuEXUsaD5mv"} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855491,"flow_src_last_pkt_time":1470104416855491,"flow_dst_last_pkt_time":1470104416855491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104416855491,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -598,9 +598,9 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1470104423246688,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104423247634,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_src_last_pkt_time":1470104423247712,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423247712,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":4,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104423248266,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9MJBAAEAGD7\/AqAUQwKhzS9F9AbtloPkmgtA7TFAYIADmPAAAFgMBANABAADMAwNXoANoBxB0UxaEmGMMRA4z3rCwUCfHq4lItmIHvO2HwSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":5,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423249191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423249191,"pkt":"ABxCjnAxABAj4ACgCABFAAAosy5AAEAGjfXAqHNLwKgFEAG70X2C0DtMZaD5+1AQADbFAAAAAAAAAAAA"} 
-01556{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01585{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104403029956,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377753112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi"}} 01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104423102951,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -625,7 +625,7 @@ 02207{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":968,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1470104379118972,"flow_src_last_pkt_time":1470104424311883,"flow_dst_last_pkt_time":1470104379310452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":723,"flow_dst_tot_l4_payload_len":22966,"midstream":0,"thread_ts_usec":1470104424311883,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":1464012.6,"max":45001141,"stddev":7948794.0,"var":63183326806016.0,"ent":0.1,"data": [34,54477,54551,26,4891,45,65495,70,68,364,89,71,208,46,29,27,25,61484,19,69006,62,56,48,731,52,51,51,454,70696,24,45001141]},"pktlen": {"min":40,"avg":781.6,"max":1300,"stddev":593.2,"var":351838.7,"ent":4.4,"data": [52,52,52,40,40,401,401,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1267,40,40,41]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0],"entropies": 
[4.578932762,4.578932762,5.032077789,4.884183884,4.884183884,5.794129372,5.794129372,4.434307098,5.652597904,7.484868050,7.818575859,7.782110691,7.797027111,7.823266506,7.845933437,7.821538448,7.845500469,7.838393688,4.834183693,4.834183693,7.836544514,7.832671165,7.837013721,7.831301689,7.829290867,7.832065582,7.849477768,7.838781357,7.842006683,4.884183884,4.884183884,4.829466343]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":985,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104424738880,"flow_src_last_pkt_time":1470104424738880,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424738880,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":1470104424738880,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104424738880,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6MAAIARUUPAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 
-00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":985,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104424738880,"flow_src_last_pkt_time":1470104424738880,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424738880,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"sc.arrancar.org"}} +00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":985,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104424738880,"flow_src_last_pkt_time":1470104424738880,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424738880,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"sc.arrancar.org","domainame":"sc.arrancar.org"}} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_src_last_pkt_time":1470104425455832,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104425455832,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6QAAIARUULAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1470104425762971,"flow_dst_last_pkt_time":1470104395656981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104425762971,"pkt":"\/\/\/\/\/\/\/\/wKC7c+snCABFAAFZOwBAAEARM+XAqAoH\/\/\/\/\/\/YA9gABRUMe\/\/+fLaAAwKC7c+snwKgKBwAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+snQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDIzAAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqAoH\/\/8AAFBvcnQgOAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1470104425786054,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104425786054,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0xkFAAEAGbFvAqAUQROn9hdFtAFBAFGHVDj7nf4AREAFpCQAAAQEIChoPxgTPHNz0"} 
@@ -689,34 +689,34 @@ 01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} 01155{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
-00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":692,"global_ts_usec":1654385119050609} +00818{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":692,"global_ts_usec":1654385119050609} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 
-01478{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01506{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119358297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_usec":1654385119358297,"pkt":"nLbQ0+MztKXvZygQCABFAADxLm1AADYGSK+saF1cwKgCfgTS7iKfF2Naesk4goAYAfnUtgAAAQEICryhqPBm1jWvSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IFMxR1lPY3ZzV3BRa0lpb3FkaEFpMENndkJhdz0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1035,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385119973654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119973654,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385119973654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119973654,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOd7pAAEAG9ATAqAJ+rGhdXO4sBNI37f0u8ShzhYAYAfbPKwAAAQEICmbWOUq8oasmR0VUIC8\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"} -01478{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1035,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385119973654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119973654,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","http": 
{"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385118","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} +01506{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1035,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385119973654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119973654,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385118","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385120216027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_usec":1654385120216027,"pkt":"nLbQ0+MztKXvZygQCABFAADxBX1AADYGcZ+saF1cwKgCfgTS7izxKHOFN+3\/SIAYAflO7QAAAQEICryhrIhm1jlKSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IEtVa3drYTlicGVRVFVqNFdjZnNKekJpSXRUST0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1037,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385120896744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385120896744,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385120896744,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385120896744,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOiDpAAEAG44TAqAJ+rGhdXO44BNLYsfEUYaCrMIAYAfbPKwAAAQEICmbWPOa8oa7yR0VUIC8\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"} -01478{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1037,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385120896744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385120896744,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","http": 
{"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385119","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} +01506{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1037,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385120896744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385120896744,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385119","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_usec":1654385121164319,"pkt":"nLbQ0+MztKXvZygQCABFAADxUyNAADUGJPmsaF1cwKgCfgTS7jhhoKsw2LHzLoAYAfl7JgAAAQEICryhsD9m1jzmSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IC9xNHA4dFI0THBxMFc5OUR5YXRzaEViNXM0UT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127244156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127244156,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127244156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_usec":1654385127244156,"pkt":"tKXvZygQnLbQ0+MzCABFAADRE9lAAEAGtJXAqAJ+oXUNHbh+AFDtitlbh1f3JIAYAfZyfAAAAQEICrrF4XWXEOLhR0VUIC9hcGkuZG9tYWluLmNvbmYgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBrYW5rYW4uMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} -01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1039,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127244156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127244156,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1039,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127244156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127244156,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.mobi","domainame":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1040,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127293052,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_usec":1654385127293052,"pkt":"tKXvZygQnLbQ0+MzCABFAAE2ngNAAEAG62jAqAJ+geJrTaCuAFAAOroVfx7qtFAYAfaxfgAAR0VUIC9xcWNvbm5lY3RvcGVuL29wZW5hcGkvcG9saWN5X2NvbmY\/c3RhdHVzX29zPTExJnN0YXR1c192ZXJzaW9uPTMwJnN0YXR1c19tYWNoaW5lPXNka19ncGhvbmVfeDg2JnNka3A9YSZzZGt2PTMuMS4wLmxpdGUmYXBwaWQ9MTAwMjU4MTM1IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNnaS5jb25uZWN0LnFxLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQW5kcm9pZFNES18zMF9nZW5lcmljX3g4Nl9hcm1fMTENCg0K"} -01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1040,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127293052,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com","http": 
{"url":"cgi.connect.qq.com\/qqconnectopen\/openapi\/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135","code":0,"content_type":"","user_agent":"AndroidSDK_30_generic_x86_arm_11"}}} +01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1040,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127293052,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com","domainame":"cgi.connect.qq.com","http": {"url":"cgi.connect.qq.com\/qqconnectopen\/openapi\/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135","code":0,"content_type":"","user_agent":"AndroidSDK_30_generic_x86_arm_11"}}} 
00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":330,"pkt_l4_len":296,"thread_ts_usec":1654385127425884,"pkt":"nLbQ0+MztKXvZygQCABFAAE8FLJAADQGv1GhdQ0dwKgCfgBQuH6HV\/ck7YrZ+IAYAOvWowAAAQEICpcQ45e6xeF1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyNyBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAwMyBGZWIgMjAyMCAwNDoyODozNSBHTVQNCkVUYWc6ICI1ZTM3YTE3My05Ig0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KMWt4dW4uY29t"} -01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385127425884,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":200,"content_type":"application\/octet-stream","user_agent":"okhttp\/3.10.0"}}} +01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385127425884,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi","domainame":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":200,"content_type":"application\/octet-stream","user_agent":"okhttp\/3.10.0"}}} 
01160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":518,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":518,"pkt_l4_len":484,"thread_ts_usec":1654385127488169,"pkt":"nLbQ0+MztKXvZygQCABFAAH47MNAADEGquaB4mtNwKgCfgBQoK5\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"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1043,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":880,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878259,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1654385128878259,"pkt":"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"} 
-01459{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1043,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":880,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878259,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com","http": {"url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/homePageVideoCollections\/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01490{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1043,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":880,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878259,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","http": {"url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/homePageVideoCollections\/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1044,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385128878298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385128878298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":937,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":937,"pkt_l4_len":903,"thread_ts_usec":1654385128878298,"pkt":"tKXvZygQnLbQ0+MzCABFAAObJTNAAEAGoHHAqAJ+oXUNHbieAFDTi3nFmPV9m4AYAfZ1RgAAAQEICrrF59eXEOkZR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvbWVzc2FnZXM\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"} 
-01449{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1044,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385128878298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com","http": {"url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01480{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1044,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385128878298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","http": {"url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104426277904,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104399652689,"flow_src_last_pkt_time":1470104400059395,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kasper-mac"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414402314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp"}} 
@@ -781,10 +781,10 @@ 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104411327542,"flow_src_last_pkt_time":1470104411735820,"flow_dst_last_pkt_time":1470104411327542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"notebook"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104415729545,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392380243,"flow_src_last_pkt_time":1470104392380243,"flow_dst_last_pkt_time":1470104392380243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} -01085{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104375419022,"flow_src_last_pkt_time":1470104398314933,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} +01100{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104375419022,"flow_src_last_pkt_time":1470104398314933,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104375419022,"flow_src_last_pkt_time":1470104398314933,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104399959775,"flow_src_last_pkt_time":1470104400366719,"flow_dst_last_pkt_time":1470104399959775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 
-01086{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104389597943,"flow_src_last_pkt_time":1470104425786054,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} +01101{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104389597943,"flow_src_last_pkt_time":1470104425786054,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104389597943,"flow_src_last_pkt_time":1470104425786054,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00879{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -793,7 +793,7 @@ 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104391254477,"flow_src_last_pkt_time":1470104391361874,"flow_dst_last_pkt_time":1470104391254477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"isatap"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855715,"flow_src_last_pkt_time":1470104416959044,"flow_dst_last_pkt_time":1470104416855715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855491,"flow_src_last_pkt_time":1470104416958909,"flow_dst_last_pkt_time":1470104416855491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} -00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} +00978{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104422868933,"flow_dst_last_pkt_time":1470104422913733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1218,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":1218,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi"}} 
@@ -802,10 +802,10 @@ 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104378906497,"flow_src_last_pkt_time":1470104424049934,"flow_dst_last_pkt_time":1470104424115083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":734,"flow_src_tot_l4_payload_len":842,"flow_dst_tot_l4_payload_len":734,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 00931{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104378005826,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378007003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104378005826,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378007003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01365{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104402190332,"flow_dst_last_pkt_time":1470104402191910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1013,"flow_dst_max_l4_payload_len":1001,"flow_src_tot_l4_payload_len":1305,"flow_dst_tot_l4_payload_len":1215,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75"}} -01365{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104408998487,"flow_dst_last_pkt_time":1470104408999421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1013,"flow_dst_max_l4_payload_len":1001,"flow_src_tot_l4_payload_len":1301,"flow_dst_tot_l4_payload_len":1215,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75"}} 
-01363{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104423189606,"flow_dst_last_pkt_time":1470104423193401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":997,"flow_dst_max_l4_payload_len":585,"flow_src_tot_l4_payload_len":1289,"flow_dst_tot_l4_payload_len":799,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75"}} 
-01366{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104429322474,"flow_dst_last_pkt_time":1470104429322445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1013,"flow_dst_max_l4_payload_len":1001,"flow_src_tot_l4_payload_len":1301,"flow_dst_tot_l4_payload_len":1215,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75"}} 
+01333{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104402190332,"flow_dst_last_pkt_time":1470104402191910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1013,"flow_dst_max_l4_payload_len":1001,"flow_src_tot_l4_payload_len":1305,"flow_dst_tot_l4_payload_len":1215,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01333{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104408998487,"flow_dst_last_pkt_time":1470104408999421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1013,"flow_dst_max_l4_payload_len":1001,"flow_src_tot_l4_payload_len":1301,"flow_dst_tot_l4_payload_len":1215,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01331{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104423189606,"flow_dst_last_pkt_time":1470104423193401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":997,"flow_dst_max_l4_payload_len":585,"flow_src_tot_l4_payload_len":1289,"flow_dst_tot_l4_payload_len":799,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01334{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104429322474,"flow_dst_last_pkt_time":1470104429322445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1013,"flow_dst_max_l4_payload_len":1001,"flow_src_tot_l4_payload_len":1301,"flow_dst_tot_l4_payload_len":1215,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104433033498,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 00884{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072031,"flow_src_last_pkt_time":1470104392072031,"flow_dst_last_pkt_time":1470104392072031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072031,"flow_src_last_pkt_time":1470104392072031,"flow_dst_last_pkt_time":1470104392072031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
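Review bot: The four regenerated `end` records for flows 45, 87, 107 and 117 still report flow risk 12 (`HTTP\/TLS\/QUIC Numeric Hostname\/SNI`) but no longer carry the `"hostname":"192.168.115.75"` value that the risk refers to, and their `flow_state` drops from `finished` to `info`. The cause is not visible in this file; it presumably follows from the nDPI version bump recorded in the `init` event, so it is worth confirming that this is intended rather than a detection regression being pinned into the golden output. A consumer that alerts or correlates on `end` events would now see a hostname-based risk with no hostname to triage against. If the loss is not intended, the expected records should keep `"flow_state":"finished"` and `"hostname":"192.168.115.75"`; if it is intended, the commit message should say so.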
@@ -870,41 +870,41 @@ 04270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385129190409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2812,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2812,"pkt_l4_len":2778,"thread_ts_usec":1654385129190409,"pkt":"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\/084Nlxi+eHVyGi4L3ffvbv3735V\/wtqvVelOu8aeG\/yKeHSzXi4D\/XcP5uuDVRTgri6uweYX3vdpsrp6fHp8eXy3TEb3+9ObyKK0uTo\/fLHNZLV6HS\/w7Pb59y\/r0+Lqcl7Au+I49nR5rL2QXWHAIKpoiZWDJKmpvDRGzcMpaOvrZ1Rk+13XZLC\/D4v8jvrwKeWppMiEI8ilFp4TTOrKw1gjnrDdkndmuO50v0+vFzfU5Lvb1zeXuem8v5VFcnvW39P61T\/cu7w8OF8vLRbi6OvnfvThc3ORlPikmxyxF7CTUO6Wi6rzV1BlJpFyQJRd\/uHhzwkfuiI\/oELc7vcZtP8HNPVqncll+Hj47Gv7kxSqX85N1fr04u3q1uiyLT505XKzenBDeGa\/DZT75yWp1dl4OF\/j+erXExcwn0Rd2WLLUKrP2+OVZwI91SCaIWjuXyXXKxtQFL7hjR5yqSKypHG5Odky7nvVrfLzF5rMroExvn23h1qYRuuL0GB+bOwFgiwvs8HwZxaIkQ7m4qCzWYKpugu5I8SnR3UkrbVKsjq3VNjuncRWSsdlQLeyz3BPdrcyM0VW6DbnOw+iSVR3l7IurMgBfp4XwFCmbYAVTAc2pBbljxSckdyftTNYSa\/TeWoEnNVjy0ojINeT+1X7kDjIzJpcEfIwG\/gIRrEJnqIfTKqtM4lh9imQrvlDBS1jkBtiOEn6ILDan+zv4B27ft6IknRBzROnlsINj\/966p\/\/54z\/e\/fpXj7inLFr5p+b0WFlBXSGVhXKUXI2wloqt1yFGuGkpB84tmGM\/UvwhdzvQRvvlg7QMVHUMmfDM+aQUQoj+6dOqKCOUUvuZymGFHz\/f\/n3+qbNNLCV7bPIgV3VaELznnEJKglOSoSonZcpUsuXgagNrOVp8SnKHdVchVBBS2KCrd5KTyMJh3SWT0DIPbvl9uzwmstrKzJncVoGVuyVXdrhfNXOMOinY2upzciVKn4VU3qnUxuaOFJ+S3EHaah10ccXaKr0UQiL\/YaV12HZ0SWF4Yp9K7lZmzuS6RjZX35IrOhaZTZIccyUVkddxqoSQk0JYVZIKTWzuSPEpyR2kvRMxJa6pwj2w2iM9g4xjikkJhFe0r7ewlZkzudyIXHtLLnfZKgqOmWqNiK8QXLlAJgebKnIC3CYPO1J8SnIHaR9sjBmuEhlKwnukQLXOpFKfDxA07DVPtblbmTmSu4vjSN4Fcn\/+w+OBHNk2ToUUt7seyU5lVbSKpXBkDZNUkedGnjaTtARPcXALpyw0jBafDvA76QRbLIRR2URVWcsiatEmC+0KB2H9XoHcTmaOgG8LDb4VubehOInOcVLMRlXZx3MmpeSMo1itTSpF04bckeJTkjtIB5uly4hdLb5jV+BQ2KicqLGyCn7Ykp5mmqXYysyZ3DYpCITevV
NBSJ5FFBJJWVM0\/EASyhZlHWIaYcGzKw3c4dHiU5I7rNvYSCIwV8lGiByV1CZEKkpaVZBB3NPmbmXmSO7OqYA\/PCSH\/\/TPd\/\/6+pHkMBk4Hg2KEVIy+HZedZH6xEQmhHs+CoEami5VoJ0hoapWaKgnTepTjBWfkO+dNMskVF81833ngsqOnUBumFDHj8WGuB\/fg8wc+d76FA6tOU3IRdsNyEWKzUvFQYpiQkLMpxKKaUJTRZMFRfDbwjLLkeJTkjtIhwCzHBDb1pJ1qOi1KeQsHCqKtlIadqQn+hTDCmdMrm3TuyAlCsAgl7qAKhQ49UEoklGQYrxGkgIFfckiDI1T09rckeJTkjtIV1ctkmpJo9PIuEQiG4tHFYFd8VkZt6fN3crMkdw7nwLF5KEh8puv\/v3FV486FY0qzgp3oJPwKjxSb2xICYocjGarUYqNpRqnWoR6PEb4Idi4RPeN5a7w\/D0Nir0owSvmOQK361BsVI4wqFF2kbNURGBHBOvJes8AyGr0mMJoWNFgh+cxwpOh1IuiWYbsnFEybRxGtr1Vcja6gIyhYC7BRYFSgTAeyVMuse8rb4HSGOGHKO3M0Af1v7xaXZQXaG\/+ZFMu1j9eXb\/ou5gBlaHukxc\/\/FHnInxFL7LUVqCnQEcn0E1gScmCH5XHtt7dB\/geO9gvk6SRas7w6jZNg2zh9XdwEgO2T8HIQVlGhBqwqwZjbCi+km5Skh0j\/BDeJ26pvShmPFjPEaWdD0dgaUgMffn1d3\/7xWM+nG6UGDIKwAUk+BKaBqOrTFKwR9NRyDZZGAt0Yw1p60kDlDHCUwEne1Ficn6OwA0+nGuFEnoeULeTyDEilRxLVD57YauXmuHs1KwULBkK9Q02X2lGik+H1FZ4zkRp1Sb3Z1DwwuOKFAqaQRNcmegBGJrpk65SYv5MUULLjrQttkQ5Wn06poZ1zxGq3b6IUt92W3z3my++\/ebR1IZok7tT3D\/V1mCIz5OUqmCEQ7IUMjMabZDKwxevK5mhbjDl1jha\/CF3O1\/+g4KJuyHXO+kQTES8hCfNx5or2jAQQChMWVqHSpEfAqj7iZQPb0neyXz8fL9\/2FO0acLAuMcturIrSnj0CsWig0PaOWDSMaGbCH3mcO3QRdRgGx4tPiW6w7o1C0zdpoxuIU7FGFcVWczAlISqNschI\/lUdLcyc0aX2ySUURe5Rdd2psaIYi1hnqxmJGzQoqtDCV5plBHyzvpMa3VHik+J7iCNwY8UseMYjCcn5NMxZh5SyTWghYoxtrx9ZJ+K7lZmzuiqNllHxWjahMOgu4SjAHAoBOIeRVribAj0z9RK8Fd1tlHkJlZ3pPiU6A7S2XqXhNUYBUTBr2YhHDwkHTX5mLDn7InuVmaO6O4cYr7rIHr399+9++XvH0kUsWpToZG6nyLzznTwHVDmY19Q1U0BhW30JODe4wCUhG4aNXiGU9rm0eLTAX4njYFadN33z3HJ8P6VZrQkw1y7EByFPd2KnczHD\/h7x0vJN2rulLfoYjIaOU6HOVNM5MGxwN6KUxUURtdQGUJ7stMtbLMcKz4hunfSyWj0Csn+zAFPWLFChtdK+Fg4VQOnaOxlm3crnDG6rNsMO0kpb3uIcKxQKDjrBFW3IkvyyHiZWjN2W0xfBoUzmRq4FaPFp0R3WLfxxohqskQ1QpBkbyUOm6o4CgbRHKZO90R3KzNHdF++ffn2v6mfUJ+ITQAADQowDQoNCg=="} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129449830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129449830,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129449830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":982,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":982,"pkt_l4_len":948,"thread_ts_usec":1654385129449830,"pkt":"tKXvZygQnLbQ0+MzCABFAAPIWPdAAEAGbIDAqAJ+oXUNHbioAFBarhYgKPds64AYAfZ1cwAAAQEICrrF6hOXEOt4R0VUIC9hcGkvbWVzc2FnZXMvbGlzdEZvcllpbmdzaGk\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"} 
-01496{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129449830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129449830,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi","http": {"url":"messages.1kxun.mobi\/api\/messages\/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01530{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129449830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129449830,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi","domainame":"messages.1kxun.mobi","http": {"url":"messages.1kxun.mobi\/api\/messages\/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1048,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508270,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":151,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":151,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129508270,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":1654385129508270,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1654385129508270,"pkt":"tKXvZygQnLbQ0+MzCABFAADLA6ZAAEAGrXvAqAJ+dy1OuJeyAFCIwHUyTW4UsYAYAfaJyQAAAQEIChuIhYJcXfQQUE9TVCAvbXN0YXQvcmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtRW5jb2Rpbmc6IHJjNCxnemlwDQpDb250ZW50LUxlbmd0aDogMzcyDQpIb3N0OiBwaW5nbWEucXEuY29tOjgwDQoNCg=="} 
-01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508270,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":151,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":151,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129508270,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com","http": {"url":"pingma.qq.com:80\/mstat\/report","code":0,"content_type":"","user_agent":""}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508270,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":151,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":151,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129508270,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp 
User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com","domainame":"pingma.qq.com","http": {"url":"pingma.qq.com:80\/mstat\/report","code":0,"content_type":"","user_agent":""}}} 01062{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":438,"pkt_l4_len":404,"thread_ts_usec":1654385129508322,"pkt":"tKXvZygQnLbQ0+MzCABFAAGoA6dAAEAGrJ3AqAJ+dy1OuJeyAFCIwHXJTW4UsYAYAfaKpgAAAQEIChuIhYJcXfQQvRp0nw2ppXcC6yOw46wWgZzMy5FDJc4R5x6BDvjQ0wxoIXOGGYQ9NS8mc0GI8mV5B6RUdKOLLdyHMcd5TKKRXV6aUAhvfafdmP9+u1yyjoRBy\/Z4bsFO7z02iRFLaH+SssfPgku6BHrhNyeN5ALqOtKCwJWbgUqSjfxmV66Ayi6ArLH8ZRPEtkaOldzuHxhCZGsPLMj5lrpyCpBI\/hUytCRoVcL0dV\/QMO9SGuGNRi\/Ajkx3OZ7jw+iay1fvfajHKHxaFFiqQlP4ANAhjlwtkM1OWi\/Lk793\/2aCcJrjC4nFMTygSlSKmAIRkl+GU\/C069CZkcxT7jNFgtHFhmyXeOpqOHfhmo5N6mRINDfZIpwZkvTBUx608nxLnt\/BZ2XZomwSj9Suk4o\/lo2Z3vv3fPwkT6XztXus\/ExbD+p\/KI22uH8Uy5Ts4RpU6bqEMdXSPj2ssPfM+MX2Gy9aMgXGqKVNStu3vu3sFQ4t38e4RiEZp59c"} 
-01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1049,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129508322,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com","http": {"url":"pingma.qq.com:80\/mstat\/report","code":0,"content_type":"","user_agent":""}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1049,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129508322,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com","domainame":"pingma.qq.com","http": {"url":"pingma.qq.com:80\/mstat\/report","code":0,"content_type":"","user_agent":""}}} 
00911{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1654385129804228,"pkt":"nLbQ0+MztKXvZygQCABFAAE9gOBAADQGUyKhdQ0dwKgCfgBQuKgo92zrWq4ZtIAYAPE2OQAAAQEICpcQ7Dm6xeoTSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyOSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC94bWw7IGNoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC83LjEuMTcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCg0KMWQNCh+LCAAAAAAAAAOzKcrPL7Gz0QdTANPi2TQNAAAADQowDQoNCg=="} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":3,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1654385129813867,"pkt":"nLbQ0+MztKXvZygQCABFAACc4O9AACsG5WB3LU64wKgCfgBQl7JNbhSxiMB3PYAYACHQkAAAAQEIClxd9FwbiIWCSFRUUC8xLjAgNDA0IE5vdCBGb3VuZA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDM0DQoNCnsicmV0IjotMSwgIm1zZyI6ImludmFsaWQgYXBwa2V5In0="} 
-01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1051,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":104,"midstream":1,"thread_ts_usec":1654385129813867,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com","http": {"url":"pingma.qq.com:80\/mstat\/report","code":404,"content_type":"","user_agent":""}}} 
+01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1051,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":104,"midstream":1,"thread_ts_usec":1654385129813867,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com","domainame":"pingma.qq.com","http": {"url":"pingma.qq.com:80\/mstat\/report","code":404,"content_type":"","user_agent":""}}} 
01704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385129190409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":926,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":926,"pkt_l4_len":892,"thread_ts_usec":1654385129990203,"pkt":"tKXvZygQnLbQ0+MzCABFAAOQVoNAAEAGbyzAqAJ+oXUNHbiOAFDYbwIrIGDngYAYAfV1OwAAAQEICrrF7C+XEOppR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvdmlkZW9zL2NoYW5uZWxzLmpzb24\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"} 01220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":4,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":562,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":562,"pkt_l4_len":528,"thread_ts_usec":1654385130178547,"pkt":"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\/vnyic+mzlSqja0FACg+AbarAQAADQowDQoNCg=="} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1054,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131029337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385131029337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131029337,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1654385131029337,"pkt":"tKXvZygQnLbQ0+MzCABFAAD+y9xAAEAGhTvAqAJ+rGl5Uur0AFBJWQVPCSiD6YAYAfbp0gAAAQEICvK1BpnJoboZR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL2ljb25zLzUtMzI4ZTNjZGYyNDRjMDAzZGYwODc1NGNjYTA1ZmJjMmYucG5nIEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
-01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1054,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131029337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385131029337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/icons\/5-328e3cdf244c003df08754cca05fbc2f.png","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} +01158{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1054,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131029337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385131029337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/icons\/5-328e3cdf244c003df08754cca05fbc2f.png","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 00979{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131335392,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_usec":1654385131335392,"pkt":"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"} 08986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131340240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":6298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":6298,"pkt_l4_len":6264,"thread_ts_usec":1654385131340240,"pkt":"nLbQ0+MztKXvZygQCABFABiMOP1AADYGCo2saXlSwKgCfgBQ6vQJKIUnSVkGGYAYAOsBYQAAAQEICsmhuxLytQaZiVBORw0KGgoAAAANSUhEUgAAADAAAAAsCAYAAAAjFjtnAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKTWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBASQMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5\/zOec8PgBESJpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP\/wBr28AAgBw1S4kEsfh\/4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wXANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlCLMwAIDgCAEMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwm
yxQmEXKRBmCeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi\/mvwbyI+IfHf\/ryMAgQAEE7P79pf5eXWA3DHAbB1v2upWwDaVgBo3\/ldM9sJoFoK0Hr5i3k4\/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z4W\/gi372\/EAe\/tt68ABxmkCZrcCjg\/1xYW52rlKO58sEQjFu9+cj\/seFf\/2OKdHiNLFcLBWK8ViJuFAiTcd5uVKRRCHJleIS6X8y8R+W\/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EAEGc0Mnn3AACTv\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\/lBKWfMkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC\/pdLoJ3YMeRZfQl9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmchUMNcyG5lnmA+Yb1VYKvYqfBWRyhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+jvl\/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pmrGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCdLJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4Y\/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSkxeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87ArsmuwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKXdpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452nm6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+1n6Zfgf8nvs7+sv9j\/i\/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1ZH3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX+X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGXEnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQLxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801WRNberM\/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c\/PbFWyFTNGjtFKuUA4WTC+oK3hbGFt4uEi9SFrUM99m\/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8qF5VfrHCsqK74sEa45uJXTl\/VfPV5bdra3kq3yu3rSOuk626s91m\/r0q9akHV0IbwDa0b8Y3
lG19tSt50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r\/dd3vzDoMdFTve75TsvLUreFdrvUV99W7S7oLdjxpiG7q\/5n7duEd3T8Wej3ulewf2Re\/ranRvbNyvv7+yCW1SNo0eSDpw5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq\/dawto22gPaG97+iMo50dXh1Hvrf\/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8XdO5Mt1\/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w\/eFIr1tv62X3y+1XPK509E3rO9Hv03\/6asDVc9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r\/y+2v3qB\/oP6n+0\/rFlwG3g+GDAYM\/DWQ\/vDgmHnv6U\/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+GnsqcTz8p+Vv9563Or59\/94vtLz1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm\/K3O233vuO+638e9H5ko\/ED+UPPR+mPHp9BP9z7nfP78L\/eE8\/sl0p8zAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAA2FSURBVHja7FprzGXlVX7Wet99O7fvfps7M8wwlwBTBpRSW6AFLGJqULS1P7SNaPnR2B81aVAiNTZKlEZJq1RiUjWVtKAI0Yy2dUBKKQMMQxkGyqXDzMcw3\/1+Lvvsvd93LX+c7\/vmwoCgaEPkTc7Jzs7Ze6\/nXWs961lrH1JVvJsX412+3vUAbOuxzwEACIK0qKBZdIHUG2ZHxCyptKWY\/ic0sQaZ6UZZxxFRHWlpI8arH8OWcg6a\/jGKNqG31oNRHkRN59GQABvcLMQthyh1vomgPkyAQJEHMUZpHWL3LPpP3AcjGZo8iAIVRFhCLb4UQVhBV7UgBXYCGAXQONMDZvkDVVp+GFkVFjUq81EXZOX821zKDCYCswIgEJRV3k54CKBC4hVQKAA9WwjFAGJVQmRTGPJQNZlqKsopWlyDwERCgfUIWchaJRMIBabhLdSWAI5ApCAwoAQoQKpYSroxlU9gznZBySGF8fMeIBgoJ1BO0JIQjmJSNpESxwIbCKwVcDBVG+FWMKwLWZcCeN6wNA08Tv1YgjYBgBjwzgNoQ9UB1IZL3XBfe++tFZncWfJL3nPsQtQjqHeJ1qVqilZlws+m9faBuvnAw62iecTHfW0SAhGQw6LhmkgYaNafwtzADQiaU9Bs6uogfe4KA+46L6gOUzZWLuev9bI6G6HezqnSJOScNb632KT3\/x2S2gNNcVAFmq4EMuZkDuQSgqDIKcZS2yKOFQttYH5iDlUa\/9Rm+u5NCmCuqM4x2SJX4Z5gcWCukS9h8eFWk\/KgO8w+XZEDraxZ\/qHt+dW782TTX4MkIyiYGASCIIRtjV\/Z1fznm5P24avC2NFiCxAXT2amxy3xsFchJaMyIMfPqcYZpDGOpvvRRa3q578\/i+FZuBwzWRcoSlajyTZ8FaSKOveAtA7RAn2D3egOl2COPf0zBRGy+NKvz\/RecuuxsR\/na6tDQVfcvuiR+YHD7EfrXWGpx9vej27XB39tAMcu2TzzZ5cthruvr\/de98caDe1TslCVrWX\/0hd6pvfdUCoVXUex6Znniqvv7qmELy7MH3nskcnN3oXrBWEMT+xvKt+xo6lDu8vuhTsMWoPTsran2nhktmwBYy4GkQeW65clqCVSYYiAGaKWLWk\/9W6rhseLixaapdaJ5Prb1pVnjx+nDBWjoGTHa8HSPLhIwdQ1vcDbXjo2vPvug9Nj5+1auvf3t4Q\/vKY2+dzu6fwXv2yInhycuesvExnd2kYsx3HVV5vrdnzl+Rf6X7p
obYiQXkRPaDHfXgB8BM3qmOq79vHJ+LITFy7+9u3eeEr8aPeaxbuw0Ptpqxw50uJkCJHAkwcQWECaW9qTj9\/cf2L\/DaJkWVtlUGnBD3+QK1vOx87BCWD0b6HSXHYhAVAkNoPlYKYWxzOLa2\/6rSfr37vxp4N7bhmY\/dYf9VFUhDYLnI\/T0ZHP\/2Yt6P17YBJJWIAV8KcwSi4e29cMwXZvAaEoUdMUkc51r5n40r0qbqJYOHQ46N3+jSJa8zCkA8LCacCGJXXkbP3ZW0bcvk810sq8M0m7xzbKZBhNAjWcB8dDKA9cDEw8uErsp67CC0bi+qjv3vPlp9td6XnZ178YmSyYtud\/hweuvW3I9jwkurjMiGdcK4Jzhsu4dOsIhFKoqmIWQlAKqb5JGZtGaP+lczOzW2TTb1xjiBxIYYmC3EuKMH2ASu75tWmb60+4T1zLA+8b24J77uxfOHDV0aMP6rGj+1CIx7a+AJfYBJZTnE7phEJCxMiRxLLgei\/504X80Suq6ZErlzbe8Ht96DrQ1Z7GkjWgM\/RXVhTYvHYQl+9aAyeyWneYnc3yUjYfXHt7QlMSp098roaXr8h1ao1y9VVAYEU9Gtk85lolDXwlK6hWzAfB0WqRTZ2g8x7r1yc\/2k4ZIAXD4OlRgR\/sQ+FnECwHgKiBZaCbjqLRylEEAiuvFm3HL9RM8uHR6f7GoskwEpXQ8gRnZJVFXJFj+4Yh7Dx3I0Rcx\/CO\/QqFNYampXbBLceDAV47NfaJyB2pKRmn1FFBdmLpeRQ+AyiEgkBEWiibg1OMS2suJKwkPEEARJbx3HQB5h6sj9dBoYhNiu75x9Ga+xHmiAAmiDB6uRESAYa8WXAWs3kVACEJy1hXVTDq6B3ZgfVrz4GqXzX+VP+QKozOYqYYqq5jsxK3SrRSB1wKIgbRqcEAGPWnnTtNQBmCKjCZb8NQ8CiS5otIXQqy0cnMsKZTlZeXYcBQRw04B1QDAnEVyfBlEDmrSjgtPC2d\/TeW6L8rSBWGCJGfBuAADt7ylSsbU3iGigcR\/eTktMKclZHeDpD3Gpr3ALwH4P8BgDfqCt8igJXSiFP6OlqWc\/K\/bz0RZNnUM1n\/f+QBp4BHCDpNU76NXYWB1\/AnE0IERssBz9C18FTGirx968YzQj+BcvsQMkn+bwGQhqiFLXheQBquBQZ+HsbEnV76LcWzwpgSLGXoG\/0ahtKHkPrqOwtATQhRBkQRGaLYMBLDIDDWV8YxHDwLUUDyFDYaQH\/f5bBUAv6LnBAAPVbRE0bwCEBMGBm\/C8PpPqS+8oY5wNTJvDPHMm8IgH3emcswgUGwIGSecW5pFEP5o1CiVWklvkAc9qO7a+eqJD7rphAQkGJNsNzTEqBkoaIYPnFnB4SUV6iCTrKHwvLKwOYtAFBVFAooOpfkzms9t9iSHMHG7NsAEfSMS71kqESbEJjaG4ZS5gj97GFVTxWqq7s6fOJrGG49hNTXAHTkp2rnwOvZrWWoLgv+k+CsNah296EzEANqScnvqr6I89wDADNUz+44NgFqg3ugeQGXLpzmbxVFOSJYG6xOFE7ftGUQ43+F4XQfGq4snfakg9ULkQpeJ56tkl3meAuA4b1H\/+AQNm64AAsHvwMnim2Di9XhpUeQqyFPgXqycAiRFxGici88p1CNAclRTobR85HfRcoxsie+BG3NdUaWBKyrFJAiAXkHT2U4xFCQBVBaAUEiGBm7E26Eu4VCMpSB2cIub8aZOWCXogs6IWAS1HS6TcUr2LTzeoRFG1wsNroqqdk6d9s9mQ9ejuHCEppFovV2t5\/LegYaTcZrWV8jq0faHptJPnRXoGlroLoW3L8H7tBXVJcyDhqv2lpkUInWYL4xgXbW\/NiAPXxlNZ+ohEi3A7iQGeHK7hIUGye\/yuIRkDEmT2eQZlvY556Jl4sZd4LGVmh0mR0iRLQQeAa5dJLft+tDqB\/78L3j8xNXd5dn
tpPoT4mwBCSUiJLRcUrcoR5mgFznfqOF31Dp2fWvY4f3f7c6+DKQzjnYWIrahqLWXaDddsNd7b1\/2NV89pNJ0i4RAE+ANxYNHhlTDqBgXekVotjX8+49ty\/yuZiZdWwiQygA2CBEGAHiYUPML3NzACNN47jq9h\/4QbHgS0i0ODbd9Ss\/9wSVq2mWJ5kjjRjIC0Ev1+n99M11g13nrnulXd15aA7BMA5ft37p33\/9B\/1\/8MnL0r2H+9xLH2hzJV+U3kUrh6+onvjGHVbGL4hCWWhj6OFm7cr748n7W3UamH6m8plDM1kZuUQKJbBh7BqUelhMN4\/NAWyTtndWAEAz7yAOUA+bobsDgCIoR9KiWuvhxeHpvf9wD0gCJBq4VrIwH7hwnqgznVAhSJrjWP8vjG1zpSfGfN99B\/MevLb0kW\/9ef+t+66pf2GvL1zBjMgKNS+k+75YOfH9PUPJ5AX3N3\/5trG5nps34Cjm6zvw6qhBphZT7gXkMFAmECtKRnHgGY9mJrh452aze1P7g6V0tluVPRyRCgHEsCezWqHEEnBe6lt45LN7+nKTtUGBiORRwCb3AjBAgAgQRA4uzfngi1AbWtlgDNks5GggC8g7BhCJACGl5XOa\/3ijKFBkQJcf33JkyX581McBFQ+ZkZC9jazbHNkQQcBkCEwAu0IKr9RGnO2mvdedP33kl8gtJaI2F2ECM9h70GPfvrGTxBShr\/nUN0ea+z9uaJkR+CRPv1nvr3Kyv82KN58vWAMYOp3TV1lVzxDAnVoHr4CXZZuIWtnm39kGxCeivA7bql4OAGj5EL1YaGlrP3J\/St3H649PBfa6qm8A9W8sypUAh7Mrjjd7e0MEGAvM6jmPzjfDqbXcgmGF7S11ntZLOZZwyZ\/E8cvrWRY3wLVJwapklKVtiAkKo6KsqqxEQoAn1oKhCiIhhfVGWtWE5ofPrFVEQG4qM6lZM0Va2NNGErK8\/Sy0gpSYlSDEyBkmUKexJxN7Ku\/5i8EIRegKFiFDTz39N6tv31r1Fsqx5clGqzsujrNSqBkqWnGjhoxBQWUppAyvgZIviPMGYj9tAAX7NnlEPq5Uq5uyf7vPpq\/sXlHYNgSW\/MjEVM\/PXj1pdxwP\/KIFc8dTq12SwiAjUEdFUBhqYAqExZRBqVtn8vXe03q\/pzraHMRr0s6NuKxTfk9xsYB8KrFJ50yRQaEIyYI1B6mBgYVoJ0ZIC7BmYMkBKFiLjnAx\/TNZaetn5tzwZ+Pi+U1GM9O0u8ZLA7v+JSlffDhYmoVBBiifVDC6PGHSbDUZSBUsRef+kiEybQhlYMkg1PEoMU4H8I50fxCAzNFWsPE\/GEe3BhDb5LXHk3j44Iokfkef927\/q8F\/DgCIXuq2\/murMQAAAABJRU5ErkJggg=="} 
00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":4,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131340240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1654385131355130,"pkt":"tKXvZygQnLbQ0+MzCABFAAD+y99AAEAGhTjAqAJ+rGl5Uur0AFBJWQYZCSidf4AYAfXp0gAAAQEICvK1B9\/JobsSR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL2ljb25zLzUtODAyZDc3MWNjZjVhNTU3ZWY3NTMwNWVjYmQ2MzRhNWMucG5nIEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":5,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_usec":1654385131589006,"pkt":"nLbQ0+MztKXvZygQCABFAAFyOQJAADYGIaKsaXlSwKgCfgBQ6vQJKJ1\/SVkG44AYAPNbGwAAAQEICsmhvFLytQffSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozMSBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogNTYxNg0KTGFzdC1Nb2RpZmllZDogRnJpLCAyMiBKdW4gMjAxOCAwMjoxNzo1NSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1YjJjNWM1My0xNWYwIg0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTozMSBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0K"} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1059,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385134408251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":499,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":499,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385134408251,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385134408251,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":565,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":565,"pkt_l4_len":531,"thread_ts_usec":1654385134408251,"pkt":"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\/LK+Ot1oVqSkYVr0nsggzUXVqLY3xMhn21kUxOn\/Wih+42353Fbud1FHovbXK9OXcbMQK3dBv6xTib2pObnOd\/iOY8p\/k5RXpv0Ed2sdq7GC4Dj4sb1\/DbXfBiJ01bRmF0SkZ\/AWi7z48ILIaH80MkD3M1aczLpDs\/2bdIedPUrCo1rdoUbJIqCgUVpBLvVBTF68CRliSDTCuSKpjNBIMLiK\/vDHBXOKc0f\/WGNpz34\/gBCIhwTg=="} 
-01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385134408251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":499,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":499,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385134408251,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com","http": {"url":"android.yingshi.tcclick.1kxun.com\/api\/upload.php","code":0,"content_type":"","user_agent":"okhttp\/3.10.0","request_content_type":"application\/octet-stream"}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385134408251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":499,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":499,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385134408251,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com","domainame":"android.yingshi.tcclick.1kxun.com","http": {"url":"android.yingshi.tcclick.1kxun.com\/api\/upload.php","code":0,"content_type":"","user_agent":"okhttp\/3.10.0","request_content_type":"application\/octet-stream"}}} 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385135021838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1654385135021838,"pkt":"nLbQ0+MztKXvZygQCABFAAEVhPRAADUG2Q+saHdQwKgCfgBQwFqEcdTYxxPwR4AYAfrU9wAAAQEICmIHlwGTrRyZSFRUUC8xLjEgNTAwIEludGVybmFsIFNlcnZlciBFcnJvcg0KU2VydmVyOiBvcGVucmVzdHkvMS4xMS4yLjUNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjU6MzQgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClgtUG93ZXJlZC1CeTogUEhQLzcuMS45DQoNCjANCg0K"} 
-01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1060,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385135021838,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":499,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":499,"flow_dst_tot_l4_payload_len":225,"midstream":1,"thread_ts_usec":1654385135021838,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com","http": {"url":"android.yingshi.tcclick.1kxun.com\/api\/upload.php","code":500,"content_type":"text\/html","user_agent":"okhttp\/3.10.0","request_content_type":"application\/octet-stream"}}} 
+01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1060,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385135021838,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":499,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":499,"flow_dst_tot_l4_payload_len":225,"midstream":1,"thread_ts_usec":1654385135021838,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com","domainame":"android.yingshi.tcclick.1kxun.com","http": {"url":"android.yingshi.tcclick.1kxun.com\/api\/upload.php","code":500,"content_type":"text\/html","user_agent":"okhttp\/3.10.0","request_content_type":"application\/octet-stream"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136206220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136206220,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136206220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1654385136206220,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIhQ1AAEAGzADAqAJ+rGl5UrRoAFD5HfAjxRS50IAYAfbp3AAAAQEICvK1GtLJoc6VR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzI5OS80NzA0LTUwMTdiY2RjYWNjMDJjYzNhZjQ4MzNjZDFlZDcyYThmLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} 
-01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136206220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136206220,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/299\/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136206220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136206220,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/299\/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1062,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136207603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136207603,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136207603,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1654385136207603,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIuBVAAEAGmPjAqAJ+rGl5UrRaAFA4F3kV79XZwoAYAfbp3AAAAQEICvK1GtPJoc6VR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzI5Ni80NzAxLWUxNGQwNDgxYzhmYmU4YTQyNzk1YWJiODc5Y2RhMmQyLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} -01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1062,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136207603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136207603,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/296\/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1062,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136207603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136207603,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/296\/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1063,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136215384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136215384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136215384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1654385136215384,"pkt":"tKXvZygQnLbQ0+MzCABFAAEI535AAEAGaY\/AqAJ+rGl5UrR4AFBRsl56JroizIAYAfbp3AAAAQEICvK1GtvJoc6eR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzMwMS81MDI3LWQ3MDcxOTJiZmEyZGFiZjIyNzcxYTRkNTY0NTRhYjg4LmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} -01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136215384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136215384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/301\/5027-d707192bfa2dabf22771a4d56454ab88.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136215384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136215384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/301\/5027-d707192bfa2dabf22771a4d56454ab88.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1064,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136216297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136216297,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136216297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1654385136216297,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIGp5AAEAGNnDAqAJ+rGl5UrSEAFDq37\/yn5TBcIAYAfbp3AAAAQEICvK1GtzJoc6cR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzMwMC81MTgzLTUxZmI5OWEyMzkxZTc3NDAzN2JhMjFjYmNhMzA3YmU0LmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} -01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1064,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136216297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136216297,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/300\/5183-51fb99a2391e774037ba21cbca307be4.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1064,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136216297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136216297,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/300\/5183-51fb99a2391e774037ba21cbca307be4.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385135021838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":564,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":564,"pkt_l4_len":530,"thread_ts_usec":1654385136274668,"pkt":"tKXvZygQnLbQ0+MzCABFAAImA99AAEAGThTAqAJ+rGh3UMBaAFDHE\/BHhHHVuYAYAfXo9wAAAQEICpOtI+NiB5cBUE9TVCAvYXBpL3VwbG9hZC5waHAgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1MZW5ndGg6IDI2NA0KSG9zdDogYW5kcm9pZC55aW5nc2hpLnRjY2xpY2suMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0KeJxNkNFuhCAQRX+lmWdjFESRt+0vNH1qGoMwu0tUMIiuycZ\/L7ht0oQH5lzmzmWeEMyES5DTDKKsWUU5KynL3kDjZhSCeMKqjQYBmlBkBHnb9Lq6Ut5qXaimokTxuoxdkIG6S2txjI\/LYV9tJJPTZ73oobvNd2ex23kdhd5Lm1xvzt1GjMAt3YZ+Mc6m9uQm5\/kfIjnPSX5Okd4b9JFdrPYuhsvA4+LGNfx2F7zYy6atojA6JaO\/ALTd50cEFsPD+SGSh7maNOZl0p2f7FskvGlqyipNWJuCTVJFoSCiZOKdiKJ4HTjSkmSQaUVSBbOZYHAB8fWdAe4K55Tmr97QhvN+HD8N\/HBS"} 00983{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136559919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_usec":1654385136559919,"pkt":"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"} 
02589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136559919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385136559919,"pkt":"nLbQ0+MztKXvZygQCABFAAXUdodAADcG3rqsaXlSwKgCfgBQtGjFFLsQ+R3w94AQAOuqegAAAQEICsmhz1XytRrS\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIAQQCgAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APk7XL28GtXY+2XHE7\/8tD\/eNc59AkrIq\/br3\/n8uP8Av4aB2Qfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/Lj\/AL+GgLIBfXvP+mT\/APfw0BZB9uvf+fy4\/wC\/hoCyD7de\/wDP5cf9\/DQFkH269\/5\/Lj\/v4aAsg+3Xv\/P5cf8Afw0BZB9uvf8An8uP+\/hoCyD7de\/8\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/Lj\/AL+GgLIPt17\/AM\/lx\/38NAWQfbr3\/n8uP+\/hoCyEa+viOLyf\/v4aAshft17\/AM\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8\/lx\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fyf\/v4aAsg+3Xv\/P5P\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fyf\/v4aAs
g+3Xv\/P5P\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fy4\/7+GgLIPt17\/wA\/lx\/38NAWQfbr3\/n8uP8Av4aAsgN9e5x9sn\/7+GgLIPt17\/z+T\/8Afw0BZB9uvf8An8uP+\/hoCyD7de\/8\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/J\/+\/hoK5A+3Xv8Az+T\/APfw0XDlFF5en\/l8n\/7+GlzAoXHJdXxPF5Of+2hpc5pGm9ixFLfMB\/pdwP8AtqahyR0wpX6FqA3\/APz9z++JDWTmdEMNd7F2EX2Aftc\/p\/rDUOpY6IYdLoW4Ptn\/AD8zHPGfMNQ6l2ddPDxavYsKbsOCLifA6fvDzUc7Nlho9iwj3Q+U3M3Xp5hpObsUqC7DxLdg\/wDHzPwefnNS5GkaK7E6S3hAH2if\/v4aXMX7NdhwkvMAfapsZ5\/eGjmLVFdiRJ7kEAXMpAGfvn86LmnsY9hPtN5ux9plHtvPSjmE6UV0Q1bm727hcS493PFHML2cexE15dZyLmbp"} 
@@ -926,33 +926,33 @@ 02233{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1136,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":30,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137455380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":143010,"midstream":1,"thread_ts_usec":1654385137455380,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":69132.9,"max":895343,"stddev":184366.4,"var":33990969344.0,"ent":2.2,"data": [356191,54,308075,59,2442,3212,112,200163,0,56,36,29,26,27,25,1594,86,63,42,33,23,24,35,23,895343,371980,1,1344,81,1941,0]},"pktlen": {"min":260,"avg":4534.2,"max":21652,"stddev":5608.1,"var":31450232.0,"ent":4.2,"data": [264,373,13012,14452,2932,2932,1492,7252,2932,1492,2932,2932,1492,1492,1492,1492,1492,4372,6324,2932,2932,1492,1492,1492,788,260,373,17332,21652,1492,4372,17332]},"bins": {"c_to_s": [0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1],"entropies": 
[5.893450737,5.720896244,7.959624290,7.965476036,7.917325974,7.914794445,7.850610256,7.954618454,7.905844212,7.834187031,7.916584969,7.918063164,7.852417469,7.840590954,7.847774029,7.850798130,7.845216751,7.939498901,7.947888374,7.909615040,7.916443348,7.857475281,7.837258339,7.835073948,7.714247704,5.815073967,5.763088703,7.974996090,7.979550838,7.864511967,7.949629784,7.970819473]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1148,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139579809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385139579809,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139579809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":953,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":953,"pkt_l4_len":919,"thread_ts_usec":1654385139579809,"pkt":"tKXvZygQnLbQ0+MzCABFAAOrd4dAAEAGTmTAqAJ+Zx1HHomAAFCgxdnYmdL2h4AYAfZ0\/wAAAQEICoGE\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"} -01636{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139579809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385139579809,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com","http": 
{"url":"release.bigdata.1kxun.com\/c\/35\/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385136&_=1654385137968&_channel=1kxun&_locale=US_en&_carrier=310260&_resolution=1080%2C1794&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01676{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139579809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385139579809,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com","domainame":"release.bigdata.1kxun.com","http": 
{"url":"release.bigdata.1kxun.com\/c\/35\/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385136&_=1654385137968&_channel=1kxun&_locale=US_en&_carrier=310260&_resolution=1080%2C1794&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_usec":1654385139941321,"pkt":"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"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1150,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140171515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":765,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140171515,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140171515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":831,"pkt_l4_len":797,"thread_ts_usec":1654385140171515,"pkt":"tKXvZygQnLbQ0+MzCABFAAMxxydAAEAG\/ubAqAJ+oXUNHbFEAFArm5Oyz2Zv74AYAfZ03AAAAQEICrrGE\/SXERVjR0VUIC9kZXRhaWw\/aWQ9MjcxNTkmc3l0amR0Jl9pbl9hcHA9a2Fua2FuJl91ZGlkPWU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOSZfdj0yLjguMi4xJl9wYWNrYWdlPWNvbS5zY2VuZXdheS5rYW5rYW4mX21vZGVsPXNka19ncGhvbmVfeDg2Jl9vdj0xMSZfYnJhbmQ9R29vZ2xlJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX2dhaWQ9NWFjNmEwZmYtOGQxOC00N2JjLWE5MDItMjgxMmNmMGMyNTFlJnQ9MTY1NDM4NTEzOSBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC45DQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCg0K"} 
-01509{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1150,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140171515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":765,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140171515,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385139","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01543{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1150,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140171515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":765,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140171515,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385139","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
02494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1151,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140551907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385140551907,"pkt":"nLbQ0+MztKXvZygQCABFAAXUeftAADQGVXChdQ0dwKgCfgBQsUTPZm\/vK5uWr4AQAO+9VgAAAQEICpcRFhe6xhP0SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sDQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogVHVlLCAxMCBNYXkgMjAyMiAwNzoxNzo1NyBHTVQNCkVUYWc6IFcvIjYyN2ExMWE1LTFhZmQiDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjk0NQ0KH4sIAAAAAAAAA+1ZzXPjthW\/+6\/A8hBKYxIk9S3LtGfX3kkz2a\/uutN2NB4NREIyZArgkpBlxfa5nZ46PeTQe0+9Z9Imf85urv0X+gCQEuWP7qbNTJJJPR6TAB8e3jceft5\/dPzy6OT3r56iMzlP0KvfPHn22RGyXM\/7bfPI845PjtHvfnXy\/BkKsI9OMsJzJpngJPG8py+sHYSsMynTPc9bLpd42cQim3onr71LxS1Qy4tXV1bW4ljG1sHOviJSD0riA2C1P6eSgBwydenbBbsIrSPBJeXSPVml1EKRGYWWpJfSU4sHKDojWU5luJATtzdAkiY0PROchlxY3oYpJ3MaWheMLlORSSW3+VmzXLJYnoUxvWARdfXAQYyDriRx84gkNAQDOGhOLtl8Md+aArJbU4ucZpqEjGHhfZJkdEKzjGYVpUTGpoyDWcAQCePn6AyIQsuL8twjaYrheRi0+n7bQhLMUVgBZi2U0SS0crlKaH5GqSwUrzKZ5V6+ZCnNigeeM644fhSv\/UeuC0LlUcZSiUi+4hHKswhk81IyBec18FSIKey+4jGLiAoQHIl58dWDzUmcj1eGCM9y62DfM9wOXFcrXPDWXFUA5BBR6QXOxdlCc4qYXM1ywQ8ZNa6usFAGK9ZXDDMjF8TMWgdoyXgsljhKxAKeSY7CO1PX11cQR5Lxab53dePkksiFersZrFdhcAOLQ6vhN3y\/HfSbrb5V+ZouxgmLRud0FVo+bY07vd44GkfNqN0nzaAx7nf9dp9OYHHUa1Hapj06Dvx2L+4EjV43isbjSTQJSK9NSMMaoNpkwSNlytrSiZ3cSRxWv1oOk9NQ\/bm+Hp4O1AtOF\/lZ7cqeyjkGoTNp73G6RMdE0lodT6k8YXN4c+gFJNKeJpvl9k19cEEyNAljRfI0oXP4mj9ZnZDpC0iVWl4f+qfODD5HGQVWBQXMO3ESJo9COyaSPCMrmtmH9idJaO8me7Y9mGEdHqHMFhQGyp926U+Sso0HMGEqLpTUs\/wQrGrvst04GUxwSjKQ5YWIKWYcEkk+oROR0drMmdQHN\/Wa8aUTi2ihhHZs42X
bqYjk2J+ePHfbjfbz1vOmXR+gdbztfDBa1rUBmSAvxX\/7BZQVnWR4Ktl8iiPu6TlPpJSDct7baJQIEtNMhThSBnKLiAn8oN3tNpt+MZ3RmGU0kouMhbqAqnhX9iHndE74lOigX9KxlwgoCr9++5oCLYdqUZQ7S9c7C20SaWfnnjQNbe0OW2uydoQq1SYXJZmChVXNy\/WOMNZeSSWoYG+Yb2ep0Sx2o4SBA0IrIi7Evtvq9IJu0Gp3m61mM+j0rGqpKK34PxeMe\/Xc9lROo0VGQSSoOniKYwGJSUHY6BxzKr0tJSt1RClZiQ4TyJZ+WNsbfKQBK7zvMN5m+F9KvJFWFVFU1rS1bzdlbjN1fY2uonm8h4anNwO9av0Nw7wpJ+vSU0dXmgahDVVMJ4zTN4mQNdtrBJ1Otxv0G93AK4N3lEuw9WrUbPuXbX8UBEHXdtBwCGMHtaGuIHuSLFisJjstmGt21OSw2TDfFUHMLtxpKl0S"} 02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1152,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140556480,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"thread_ts_usec":1654385140556480,"pkt":"nLbQ0+MztKXvZygQCABFAATlefxAADQGVl6hdQ0dwKgCfgBQsUTPZnWPK5uWr4AYAO+qDAAAAQEICpcRFhe6xhP0u0Gn2Wk3A7\/T7fd6rm\/XMYnjNyZsaxuxjL9r9brRqipx+QlDnkIovIEin9DX0GNAPtf+E30kkoSkOX06T+XqmF3k91EXTIs8Kimgwir3lOecejeF6qflqjHhnGZ3XLXllrXbPuChwO81Gv7\/PZRAGwvHww+UTBz6qQs6gsoPnkrW2bRJoTJtIINa\/b6Dgk5fZdPahfenU9Dst3o\/X2dtHXa6izQzCLFJTbWBYoJYfnQOJy8KQ2SVFc2CiqYKfUmt6R8VlFA8bn1EqFZpXTf1tDoJFXV4Wi\/6sG3eqiibCjUi8cicl3vowQPTubvaFJeROjZHCfRwCTDK95Dqr24TQ8XZnrqpDiuDdVFS37fbhi1Lqg5xXV9B9827OkRutnZbf1NxX6XVY22ih+nvHjpVyUsTqqT6yZ89Dwn+gSPog8vuO4keWnTnQKoSFlGyToAtx\/2QjvhxTpaqqtXA+eXZ\/0c\/N34urjBHwa2i6BlQykBS5a1LX7oAVdqXTCb04Ltv\/\/7+L1\/ue2a0sw89K1L4AFz6VOsPQyAtJyu3EKLAr3U\/WEVzKqCFuSB4nslPrO6Y7szc0iqsvIj4NIppYxtV2Sl23ynK+04JkGiABas73gy632zlBjiAXw0HbeEyD66AjQRP3QZuYf\/7LEvIFyt1O\/7AGlsLdxerguuoMZStwb+NoSq31C2ZtxgZZTE04NDQ51KkhRQfwfPdN3979\/WfvvvyD++++er9n\/\/4\/h9fvfv6n\/\/69q8xBY\/ElEcrlyQJWGVHx7vp8QvngZnvkBWI28eqYSlfTcZuHp8rF38\/G+jFgPvEIsPjBY8TCjwOg04LOr9ur9v6CHZbNtX8ILrhKm1APoUirjn2ABWrXnm3Ym59\/xcMgCYcnF8uOJ6LsUaBQDlPz4wMwwe5eFUt2uru2
W8GD1N7MoKAW9JYJEKca4QDrAmwSmHNDcABebK5nT0qm0UE0BuKHSTLa\/ASn7BzKc4fAwC+gktu\/nI8AxgnlBpNk\/ItYHNSAXTSAHQwgwHUPhNxHg4t1cRZjgVIeHQOTwbRI9lkpV45QHccUBh4j+l4MYWn4OrPZKJfI7UQkLhYUZOEEUU5zcQihac5749ARabIYparW24xPnWUEABtPubxsUKdw1K7mnRo\/UoO6elmCsamB4BZsBcHP9ceZxlZ4TQTUqjGGufgfooBE09qJJtqEC53\/Hq9DlgpIHU11Tay0B+w\/Yr6OKF8Ks8GbHe3fkugGoy1kIWlhuy0PlA0pVU24sn6VbkDDRXJiBWmdjjsyO\/bkd+zI93aj8N+mQbYEL3RX1Sh2uxKHV6\/MlptwLoyArDUEaGDiwU97qXskiaehltzlbJalRErxAWY2WwBkoPhh8Y9eoBHi5Dp7UcQUUo5uaHWbtotkV1DJQyV2FAJxZOrsQ5IEZYo6S0Y1zLBbtUHAt+PmTuiQHIf+fCqjg22ax1C3qgDbpfuWp8kbAxvJvLJZqN74eT1foAqD8iDEK9wSB1AKY04KQMoN9Tsox6k+ecnR\/7Lz5uPX79qfxY8\/xQw3TWVSiuDutyU4DAq9QYkCRgp6vX5rs5E\/c+jg51\/A9YbBkX9GgAADQowDQoNCg=="} 01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":4,"flow_src_last_pkt_time":1654385140580140,"flow_dst_last_pkt_time":1654385140556480,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":502,"pkt_l4_len":468,"thread_ts_usec":1654385140580140,"pkt":"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"} 
02510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":5,"flow_src_last_pkt_time":1654385140580140,"flow_dst_last_pkt_time":1654385140772217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385140772217,"pkt":"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\/yLnWXWqbt1Xk5wdLaXdZvPeqlPnfU6dOvWV97\/x1Q9\/41e+nb3zb779QefknbNH54vJ7fZ6tLyczgf72WizXpzdjCaT6fxysH92sZivOxej6+nsdvDOq1\/83Wf\/\/NPP\/\/yTz\/\/pj9958uVv5LOP8vV0PMp+Pd\/kX37ifn\/y1eV0NHuyGs1XnVW+nF6cnY\/Gzy+Xi8180hkvZovlYO\/i4KJ30T97lGU0xWr6nXzQ69+8PPv40ePtYrOeTef5YL6Y52fr\/OW6M8nHi+VoPV3MBxl++\/Gj7niWj5Zb+vfgfLG++vjR3m+uFvNtNpmubmajW34bvp0tRria7c1iNeURLqYv88nZi+lkfTXo7e9\/iecYzaaXMPw4n6\/zpQF5sLw8H717evKkd3D0pHf87En38L2zWX6xHuwDvOvFDf33Kp9eXq15OIWAQD37Tmc6n+Qv8U89D042vb7cCghHOJAOQL+4EaZzxETnfLYYPwfc7I1uboBYLzv85vEhvinEI9LBI9ej+eVosngx1+FxhW7xvHaCWhZhlvq+EOfiwkCNQLsxAbsfFQBwgy\/zGRDpozwC6enj63y+efwUxoH\/dl4sRzfbAktkexf0jwc1Y1iBuOvFNSHZYd3Q7nyxnOTLDq6od\/MyWy1m0wmMxfyluM96+31cBkxfgD5GHzyTzabb2XS17qzWt7OcWe7sAhhpPUAQhHX6R0nOcdjIFB0yM4xqqP4MqGL+sLoZzbeO7ExvhoyW1jkGQntRyXpH8LvI0hH9Y8bqLvPJzWI6X7sBAzYS5B0YpsPPHu7ROWBxswbZA6Sewp+WxNsHALFgewkitVkNsh6+aJB8YJhJRB2wMJHX4HlDIaY2iXcoemaZODmv0rEHyYMIC82vC++Oxsh7GWFSX9rfHx8+O48f8QjS55j3Pn70aA8lB1VGQV94jmWNsP+EflAbeAz09q1eUZlGCXS8a\/gZ4NLpMvdpeD1aPS\/jUtHQhv\/tHI6EynnIYSUzZHvj2WKV+2U6qit\/fEno3keykwwe7qO+qR3TcDmq16rnFbghsJoHxYFvF9d0mGh2z9dugUqBypU4yPhpD1wWj3OMSGGkoVAToXtHzZbNg8cgIx+irkKN0b1aXOdoLAz\/ZZvl7N13ut2n0+vRZb56io8M8YXuzfzynffA7nSW+U0+WltxdMyR9VAMO0fPAGw\/aIdscHbQh9WwGyDIP0BVI0qS\/8BrzU7gSSCKA3Q8WueXi+Xt\/QLbeXbyINCuwH0YX90zrL1jQNYDoPb6vpHaPwLNfc+AqgJ+KI5FMbsvfnWwPiTTPgjAD8i3DwLvA7Hu\/cD66Onj2QIiH\/RNfw0\/vA8Bzwg87iUYYAyJ"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1158,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385140779083,"flow_dst_last_pkt_time":1654385140779083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":443,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":443,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140779083,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1158,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140779083,"flow_dst_last_pkt_time":1654385140779083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1654385140779083,"pkt":"tKXvZygQnLbQ0+MzCABFAAHvAsFAAEAGxI\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"} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385140779083,"flow_dst_last_pkt_time":1654385140779083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":443,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":443,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140779083,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/swiper\/swiper.min.css","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385140779083,"flow_dst_last_pkt_time":1654385140779083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":443,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":443,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140779083,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/swiper\/swiper.min.css","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140794335,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140794335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140794335,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140794335,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":1654385140794335,"pkt":"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"} 
-01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140794335,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140794335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140794335,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/dependency-all.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140794335,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140794335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140794335,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/dependency-all.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140824396,"flow_src_last_pkt_time":1654385140824396,"flow_dst_last_pkt_time":1654385140824396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":416,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":416,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140824396,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140824396,"flow_dst_last_pkt_time":1654385140824396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"thread_ts_usec":1654385140824396,"pkt":"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"} 
-01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1160,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140824396,"flow_src_last_pkt_time":1654385140824396,"flow_dst_last_pkt_time":1654385140824396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":416,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":416,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140824396,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/fb-sdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1160,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140824396,"flow_src_last_pkt_time":1654385140824396,"flow_dst_last_pkt_time":1654385140824396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":416,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":416,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140824396,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/fb-sdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1161,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140835391,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385140835391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":434,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":434,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140835391,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385140835391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385140835391,"pkt":"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"} 
-01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1161,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140835391,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385140835391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":434,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":434,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140835391,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/vendor.bundle.js?1644807874","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1161,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140835391,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385140835391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":434,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":434,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140835391,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/vendor.bundle.js?1644807874","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1162,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385140836422,"flow_dst_last_pkt_time":1654385140836422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":436,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140836422,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1162,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140836422,"flow_dst_last_pkt_time":1654385140836422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":502,"pkt_l4_len":468,"thread_ts_usec":1654385140836422,"pkt":"tKXvZygQnLbQ0+MzCABFAAHoPA1AAEAGi0rAqAJ+oXUNHbFuAFD4VTA0r32OCIAYAfZzkwAAAQEICrrGFo2XERf6R0VUIC9qcy9hcHBsaWNhdGlvbi5taW4uanM\/MTY0NDgwODIwMCBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiAqLyoNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} 
-01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1162,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385140836422,"flow_dst_last_pkt_time":1654385140836422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":436,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140836422,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/application.min.js?1644808200","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1162,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385140836422,"flow_dst_last_pkt_time":1654385140836422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":436,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140836422,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/application.min.js?1644808200","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1163,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385140850557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140850557,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01107{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1163,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385140850557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1654385140850557,"pkt":"tKXvZygQnLbQ0+MzCABFAAHSWjRAAEAGbTnAqAJ+oXUNHbFwAFDyLD7Q6DFyGoAYAfZzfQAAAQEICrrGFpuXERgHR0VUIC9qcy93ZWJzZGsuanMgSFRUUC8xLjENCkhvc3Q6IHRjYWQud2Vkb2xvb2suY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCg0K"} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1163,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385140850557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140850557,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"tcad.wedolook.com","http": {"url":"tcad.wedolook.com\/js\/websdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1163,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385140850557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140850557,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"tcad.wedolook.com","domainame":"tcad.wedolook.com","http": {"url":"tcad.wedolook.com\/js\/websdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140779083,"flow_dst_last_pkt_time":1654385140963152,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1363,"pkt_l4_len":1329,"thread_ts_usec":1654385140963152,"pkt":"nLbQ0+MztKXvZygQCABFAAVFItxAADQGrR6hdQ0dwKgCfgBQsUzC7TqsQ\/Mw2YAYAOvLegAAAQEICpcRGHq6xhZUSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9jc3MNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBGcmksIDE2IE9jdCAyMDIwIDA3OjExOjEwIEdNVA0KRVRhZzogVy8iNWY4OTQ3OGUtYzJlIg0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTo0MCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQ29udGVudC1FbmNvZGluZzogZ3ppcA0KDQozYmYNCh+LCAAAAAAAAAO1Vm1v2zYQ\/mz9ivvSpTMkS0kLrFCQAe1eiqApECzFin1kJMoiIpMCSUW2i\/z33VEvlj1JGZbOH+KYvHv48Lnj3YVLD5ZwV4uSa7hY\/bSK6PdndS8KDlZVSQ6mECluMplCptmG10o\/QC1sDjnTac00B5YkvOCaWZ6C1UwaYYWSBqEILbe2jMOwruuVSJlcc61WlQkbXPx2h4et8S+q3Gmxzi1cROdRgH\/e+vBnwVKxERo+4ZEF25QiFYT8Jecgfu0hZw5r0W9EwqVBlpWkO328vYEf4PP1l3b7D7wFo20lY3hfrStj4U3kE5W33jL0wiVcvezjfWBGJJ3gd3ZXcAPeyzCvrpDaqpExSJS0TEi83DdvsWF6LWQcAausuvQWpWoiE2teMCseOa6pR66zQtVxLtKUS1wJan7\/IGxwz5KHjCU8eBRGYEIIuxsYbdT+OQvzjIGa3589H0Pxu9iCyuCrYwtZIZIHroVcA8qx2AcCQ7yNzy+9p16cWrOSEh2lGZOiFqnN4\/MoejVQ4ZDPQakVeqMKnUJuL1N640PBM+vjiynHXdMKXwe+iTgypwbkHzskjAl\/k76Oyq0f+dGPp4buUQUWH4JcB1klEwdICYuWGDaKyCjbfmOEar\/XoJ\/w7HdnSfZWzzFU4\/za5RF2Rw4n3AZek\/Id+U8oF4wCNVEotxQF0taMU+\/WR7h3W+PCtnjzuh4dOkHfW4zFfCIzB6bHavb2U1IOPMeJDOqG2gZG7DFLY6ByxCXWErWldKZMwX8ntid3Di8405wjSsrhZ+hK3uBVHz3M8WwEejCBqmzHZ+Zmx7az0TgynU27oeW\/PLut49AV8oMerolSPcMSzmzsyhBdrCvhk1r\/91BQF7z+7TyCr1hhVW3gNleSwzuqx9jMBr2oLt8FudJiTz2pIJbuHdFUEbCmekHJZLA7qtHohC3JimTOBbPpyfse\/fgvVWlIsNGrDRj
Xjn3IOc40O1WB5DTQKDAlT0S2c9nsmuuZcfOQU\/\/MeJjt3Ph4F+y2rsz7wG2y+t\/6OkbgrqXUjG7I5w45xKS+twiXTSe7iLCVYDbknAaqGLCz4W80GcmfISQNfGYIiRWwwyQQao8DzFcjkC6+j5xi3iPj3ENRx9Uma0luVySoX59yaoYOHEJPENwsgsv\/gFh4CIFnvXCW8m77IEIznn3PKB4yJMB5zeJ03V6PpNjzQQbBfWUtjaHL0N2sK3aNgifeLhcO8jauTTo3AEN5WwUnIDp9RzH+Bl7SBF8uDAAADQowDQoNCg=="} 02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140978405,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385140978405,"pkt":"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\/ChLWpoBGkU22JJ9tsItYUqtlydZkdduSNwh5YSgMJAiQANiDCPq3n+eNHCoLBCV7n3PXvetqIGrIyjEy5oj8j6dP9vcu\/nJbLN\/vvTk5OuG\/vc1efdDYe3Z8\/EnG35OPw\/svFrfzYW89Xcyzva\/mgyMKXtzoy6PFcvx0Nh0U81Wx9+Tpf+yPbucDlav3sn7jrrboXxSDdS3P1++vi8Vo72oxvJ0VBwePvDgq3l0vlutV25ULt3nvaLgY3F4V83W7T837x41W2VDjbjqq75dFGuvJcvF2b1683Xu5XC6W9Zof5bK4uZ0ui9Veb+\/tdD6kzNvpesJdqLzWOF0W69vlfI9WGvct+1uvMfZiNJ0Xw9p+GIf7vu1+WuvJdJWVHdLI3\/SWe4O8082G+eBopRnKCq4Gi\/mgt85GXF7fribZmAu6Urz7bpRN8rv7bJpPjtaLV+vldD7OLriZ9FbfvZ1\/v1xcF8v1++xShWZ5zS1YLbvKq+36\/mvwV0ejOZVP17YW99k8f\/pz53x1fvvFyy++OH\/36XG3udm6\/+DpOFtQ7PBqdfg0u86fHtY758Pe4S\/dxtPxNLvZ3VifHv\/1mv696K2KeuP+VC3nV0fXy8V6oYXP7xy0tGYZE7BaL28H68WydZWtihngwWWtls2K+Xg9aR1n68Wny2XvfbnCjTs\/quHRoDeb1TXdjftsXKzLMr1YaH47m+3nvfbxWa+tkp1eUz9Hrv6uLVan121VK9NqvFr3BpeVKrWKfUZyVSzHhbWrFQwDqDeyXgkxDLd4853Be24A0VfZdfFubbfhJuvfZ0VvMEnaEbz4EV4d6Z21lGkH3WdXveukaCxoQ4qdrtPF3rX7LMJDPxvE4j03czxSpQ3qNZgsa44ltyoeHvWur2fvfY+WY9uEK1Uwmi5XyQJUKyhu6seUmfV+tcjhCWWKm7IXrKKb8mTFskHe7DXrWs5+6zjO91Y\/B2f58cFB\/2zQ7uhNZ9DttjpdVT8flvVXO1ku2GZj1aVrKzDic01xa5StwEotNjI\/2epa21l3dsESgafWtAOgsOP8dVwGNyQWk7kfZkU2YtP3wkR2jrubDTt6kp+w9eNjD6wggP2T05FQWH+xmBW9eYlJxwcH9Yt8XKls4itrN
hvZAww73myujqarLwKCHjc2m\/oYdNKg9TyfUt\/YAe7k8LBxOj2bnE6oCNzqdlS9KPvXmXQbDfVruDed7xWNXj7uDLusVKGf8X6eD9S9gwP9qNXvZ73p3G0OKAwNa1dNV7bRedBotOt9\/mO44MbewUH5stdo97SSrfg8rcveMn9qnhrd3NcvmGQqbb1ZTId7x743VoSnAcWPy4Wr30F3elCElicVtWZ91vymt54cLfX4qt5oHC2L61lvUNSfnn8OlqzVGtl09UPRG75v7R9nhQhNCWfA8TYRgp5k"} 02522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140978819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385140978819,"pkt":"nLbQ0+MztKXvZygQCABFAAXUMwdAADQGnGShdQ0dwKgCfgBQsVapSjEtYxvrg4AQAOu7rQAAAQEICpcRGIq6xhZj88Ui2cwNofu4HpWPHTaoBRhi1RmcMKnIEh85BGl\/wyxuNqE0ZTw6qfWESB98\/aMRvx0N7nnceXDQy6G5jrqpvW\/Z9svpYMcn++lK8d3hdW+5Kr6YLXqQnQabUp+\/vLpev3erX6nC9rrBd19w1Gu4cQPz\/sK+TtZ7x9dG+zebAO4sdpypzaZ3NF8Mi9dMnAN+N3I6Vra0Xr4X\/wCCLBH7wcH+hUOYvayWPK81kjfpByWpy2oAe6B7341qZUv3EH5Qe8TJ+yf3tHt5tHg7\/xo0adupMg17sQ\/9RjpJAYAddAMa\/c0mKXqfCVAqM+WJi1aXdW33mrVaK0xYZM16TGIAoRLN9NqTztTPRQP0Ej5rqREYuh57b7bo92Yv3\/RmZaNQtL52MXzMVb3PtDHBxbti8GqwnF6vE1ilIG\/4Nsy3yBNf3GeD3lUxE0dR1hoBe68Xt+Miq8Gs1Mr9eZ3d2FYbFt9SQ\/JxQmYdXOg9IGswomvYmK8XbwMbo4mtPtlBuEViBcUg9vxYqCtg7nG+BMxOWWFK8HfcuBO+PB2dFaeFQ6tD6nfEtdcpQJ4NeMUcDNjoL4ve5X0xg6XWN4XbG1Tyr3zxeFvGO1lTRaaff629X\/8qwCJgoKVOZjvgIMMpgjpgri7IK1dqLiwqDueycAgtgJ8THjSvAwF3pxuaifipvqx7asJebgcGbZDV4M3gnFP4Fa\/Xg3w4ABvAsjWyAVhp\/rDNuJpaNyDT5tJvnrH7vg9bNnDbUavhmEoI3wB+c9A2knHVe1c\/zobNQaM1aB2fDs8GpwO34gOtJPuiD3vCUgd8tze4d40cnjAbYjWTeRTUuploxuaGwBrU2Ld++nYynRX1wdmwwbI2m9283xnyY8An4tdwBSI15HV3q6gfZKgyB0LY2JC8Sk80P4LIAPGINyO6Aj8TJmKS7w9Ox2ej0xEjHub7SFCdEaWANXoyOTgoTO6xp5ESF4KBhy25Vh40oH0FrwRQsDwTQ5tJi6FBbScHLcODg6lrdNg4jZtq5DYVa+h7+MgHfmIKv1MZ8RSQHd9Oh62TDAHnXSKnmMhrayU2z8PsA4hk\/esgik6\/m\/XzXtbLmRwR0S8CYwZPUx\/kXjyJLGH2rMGaxx0
St1fP94x9Ih42CzJmfbsCmCwQ2JG6znolPyKNum02syLwTOJV3pZrH1prSq78vLdmxVa31xLVW5fwj15qqX3mmNQ92IV+sdxzUuxeGNiebTj7fO+HYvzy3fWe28NOTK8ZP72u1\/ZgreI4bU4nnVpnYZLVXq3Zb9a6NWB8CzezJ\/0E7glCvBwRAXNQsgVhYUJ58UeDLf6gvX\/SOtEWjQwEu7a9f9wqWSo+OaYE816b23hLpKMtfiZx5PDEwOxeQLEqFy90r5QIskk2zS6yy2yWXWXzbJFBxbJltsrW2W1eW01\/+WVW1JqHYfqzN\/QsaC2yt+zBd\/z\/Ph\/3kUl\/cT+fup\/PkmZTCqiuA4mzHGVKBp\/1Ik\/0HNnn+cnz5x+dZC+RD7ZVEF9IrfHH\/Iuj68V19qV+pcn4Klz8iQun8PgzV165kVB8Bh9wSJ9OD5x07BDp6eCsf9p3yNLEuH5Xi+C5tb2+Xzrhya\/z2mBSDC6L4cZpEbjord7PB5ve7XoxQl20siuY9vcbCeLLxWy1QZFTLDfD6arXn\/HBZDocFvPNdAX+2czgzjdXt7P19HpWbNC3zDcQ4uFiPnvPhamOaGvAi2Et+yavdc7P3z07Pj9fn58vz8\/n5+ejbi37Nq\/V261z\/jlCuXL+9rC76fxMwePjQ\/72jruNZi37Lv828i+1t7Ws9vZ3wPz3ee38vFNrftOsPanXmt82aw2q8vedJz9\/sNn\/Z7edN\/yTduvDetkUbZyff9htPGl8uDmvbb84r+nNeW1Dvd9Rb2Pjazk\/p89\/ySHNscHz"} 
@@ -967,7 +967,7 @@ 02881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"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\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51
pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\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"} 
-01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"nLbQ0+MztKXvZygQCABFAAH68DMAAPgGrD4SQE8lwKgCfgBQoa4lNEsiAYFa4YAYAIOtmwAAAQEICtL8K4OmALBISFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2phdmFzY3JpcHQNCkNvbnRlbnQtTGVuZ3RoOiAxNDcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDA2OjE4OjEzIEdNVA0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNyBTZXAgMjAyMCAwOTo0ODo1MSBHTVQNCkVUYWc6ICJmZGI1MmNiYTkxNGQxMGI3NWI2YTY2ZmQ1NzVhZmFkMCINClNlcnZlcjogQW1hem9uUzMNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIGI0ZTZhMTMwMWExMTQzOTM3MjMzNGFhMTRmYjdkMzEwLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGM4c2hiWWJFVnhFWWhjaEN4c1d5LUVhTDNiYzl2V3g5aUl5clpkVFEyYjVfeXZneTlRdTBNUT09DQpBZ2U6IDYxNjQ5DQoNCg=="} 
02463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
@@ -975,17 +975,17 @@ 02277{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1226,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385140959776,"flow_dst_last_pkt_time":1654385142015753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":1625,"flow_dst_tot_l4_payload_len":79973,"midstream":1,"thread_ts_usec":1654385142015753,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":331,"avg":84919.3,"max":408625,"stddev":132393.4,"var":17528006656.0,"ent":3.3,"data": [380392,4573,408625,215737,457,986,1014,178521,331,482,379636,185383,1426,654,331743,5741,174159,6079,334,924,170502,413,6008,1070,341,710,169481,463,585,5307,422]},"pktlen": {"min":476,"avg":2601.9,"max":8692,"stddev":2200.3,"var":4841425.0,"ent":4.6,"data": [817,1492,1253,488,1492,1492,7252,4372,1492,1492,2504,476,2932,8692,1492,2932,8692,2932,1492,1492,7252,1492,1492,2932,1492,1492,2932,1492,1492,2932,1492,1492]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12]},"directions": [0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[5.859029770,7.746788025,7.815745831,5.897830009,7.640064240,7.862792492,7.967751980,7.950705051,7.860798836,7.868959904,7.893837929,5.886357784,7.845828056,7.976538658,7.857397079,7.933415890,7.973951340,7.934168339,7.877964020,7.860165596,7.967057228,7.876602173,7.849090099,7.929278374,7.849063396,7.848120213,7.928964138,7.852302074,7.863938808,7.928197861,7.863379478,7.881860733]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1237,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142293700,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1654385142293700,"pkt":"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"} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142293700,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"qzonestyle.gtimg.cn","http": {"url":"qzonestyle.gtimg.cn\/qzone\/openapi\/qc-1.0.1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142293700,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"qzonestyle.gtimg.cn","domainame":"qzonestyle.gtimg.cn","http": {"url":"qzonestyle.gtimg.cn\/qzone\/openapi\/qc-1.0.1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142780674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142780674,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142780674,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_usec":1654385142780674,"pkt":"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"} 
-01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142780674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142780674,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","http": {"url":"pagead2.googlesyndication.com\/pagead\/show_ads.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01357{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142780674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142780674,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","http": {"url":"pagead2.googlesyndication.com\/pagead\/show_ads.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142822486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385142822486,"pkt":"nLbQ0+MztKXvZygQCABFAAW++zYAADsGcsCO+roiwKgCfgBQldK5Y27yMlYwOoAYAQVIgQAAAQEICvTzitlqRnHO54B5x8bkMcj5rKNoQVor\/BQm3SPhmDDpDadH0sdUWEzHsJJG991J7GNcFmCfxsiCjLv8IWZo8ULPdOfCMeRMHHcaL4h1aKboaPInsYMSW5QQo\/JCypuKRdiaRrzY2sbGM\/MaXYMUvlY4IMPTWRAEu7PZrqdtp71d2OBq619OgHIbAeKGBf4Bk3Id+7\/Im81abelC9otiLtO5YiawFAcj5R83pbWUcSiA76rl5Zm5g+uGECfDCS0WsSYMIje33Kz7B\/CQHCjw+nh4lksNr3TtgeW4\/7JajIFAnfl17iI5bMpgNpVCgF9JYXCeHhfCCyiGI\/A3u+npcQq4MpT1eNV1\/saxKMf5Qld4T4rFFSIEwfgCG6P2ha33lVMWBaSFxO\/Mz+reiumYzQALP+eugpm6Q068chVxjvG91RjkLubAMoQDS\/mM4KwKspbzcHmHS8I3JKFhcges1eYj\/zbOWRn\/zLtgiQYZGgjfr8jKeNbuiqxLnvV9AR7EGSgXQt6gokwf+DutNqkLpb2FuyF5RXWlXYorjBev0MFJGfrmGtJd0nmEt8TAsc6HgqosNCWIgBZ\/EIx94x7v5p1LZ37xY5yDfD7teu0ZnLVzreCO3cRT6kfODUmHBwAbkYP39RCb6OD9O8RxxhjjnTrNrfxSTwe\/9Ap\/jCq3bGHW9OQ8Gm5fmTRUVwTYDyvfTZbEUP\/xOjLeI963wruwl+uBpHGIGjekHuK8l0SLl0g6pAb4F+iQWhtJFEsIVUiT+yWC6SNbe7EQQW4hgL7iTEmA0hdpq08vOQHZVq3u6M\/V+efq\/HNQ1sIp5t5lAUlbZrMHcijjYEukGH\/U1y1\/R9E10r2UGy1kBD6G7ldf3OBf3EDOMPJ3eWBdLh3BKN08SgKpcwBGu466yzavc4caXSXxKBb1cwUyYZLjMYcjDi09P3XFJ0SsXpzC75HdI3sX+AqtSARtclGx0X+hBBJhsyP41pofAbHoV40IDXhlkAqu2Xvp971SqecErV5bCH\/65Z7X9UlSrUeC\/VajwtN\/Mh2OP5AWY\/KrPPEpbXBTrhGP0\/drXl9b1ZRKfRkpIsBIEQOUVOEJSRKrx5tv9cs8CLA7IDFWlQPElS8mbTe\/FO4uBUzpai\/4e6NjNEkD\/x4ZgoFXLg94l\/agS4O2twbkzdeIG7LuYbfwHO76ewTIlFAsrsEvBrnz9wTTNN\/TnzpUn8JQ1\/dtrIKxXa74vBeLh9AgfuxeiMxuaBTfIvvK5V+5AaCmLu378MinCP1sJLxucnjd5DsEaHLL3ecT8g2W\/QHKN26grKg3503SO2\/2OxCu\/F1Q5f3Ice+Y\/x0VdO51gA8bbfeGHjbb3hWyAHeoW70q+XcMrdEd7zrg79b6uuXC73UAFURSwyrdBEIN+jX2rzjIfyW+4
pvf+uZSH7\/Gc2MTbvFBbbX9b16PX1pRGaInNqfGLtHsUG8B3BtmqQeBlhpWHPYRpVnuOJzeNZgLCARxEVRyaWKKRTH2+XLDXc12oMveqHL3C+SNepipqTSMcGdGzahhXQ+6QOkPgJRGSQjkWV4Ihw5zcw7g5EwAxblTAQnq5qbS8j42+Sd9fHqM7rDAaAi435TSllIRWgNcggISMZTiMSn2Xq4iffhytWQiEe38ThBxbwfdFoJzj+0YwbO5hgM40IsBqTiUXYLH1oBFcUKfLbjQ2EIyfrFeqTy9WHdaf1+sN9pPGxdRyW42KrOLgfPUuaivc68Az\/QdWL8YFJ6SM8LAMjT6K72yfsZLGjwMPCc9x8WNKfLmVin651eeKG0Byt5g4BaGw1+4KUXMDq\/IbxY5Z52DnCKBtwYfZtEkuOdMA4d5p8DNe3HW0cb5kRtcmr+82eVnLKJN8C7lbnah\/f\/T\/hnL61q0OUO8Mqo="} 04394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142845976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385142845976,"pkt":"nLbQ0+MztKXvZygQCABFAAtI+z0AADsGbS+O+roiwKgCfgBQldK5Y3R8MlYwOoAYAQUXfgAAAQEICvTzivJqRnH4pI5HyS0AYhnjQ\/uM5bjVvdjTZUjnqR0eArR6Be4a1wlGx7sAYKbldp5x+4IB7EuNMmGKaDrhBGhnYSaYzZrRF42BrogKrXtwaM6IhhfzBp54pTv5mxi1Vq9j6Sj+JkZH8edt9wgeNtxNd6vtvoXHbfcZD7n0Lvbexf7DJ9aouvusseG+Yo1N94A1tjgH\/j7238WVfeYe08Mr5p7QwwEzNKvL68eaaywX0ixejNW1VvuVX0granODrtiMbh8LsjjmjjFVIprX1CWWhg7qrxxkUBgrmJQ6j6MULhjinsYyyhrGtKm5PH41RvFS4mIYIjSJl1pQEMXQD4LVF1Us08JQLyJlo6NiK6uQyqLIR1SJIJVAyRv55Gr+3qrT3MgoOM8R4tWGjOoZitbfxw3h8YUG3RtUSljx8O8cxw2RubmceaIyt8zMuZLPiDA6gU83k1EwKG6JrCxDEWtxNoD0rV1mH\/NYtEoxq65nBCrYnPpNY9HX1mJPWi7FmLllQgRRwrU6JTEf4xo9g2ealbex03yGkYNE+LWlCYLxM59i7W2bdbapzuJkPNq4nBhmTIwZ7HM7B8AIU9jlF\/7CDW5rCNS4yU\/VtT8x3t7NI0tF8sKQQPT9mYSR+KXo43OVsiNSagq+CO8UiwcxhfQh6l5ohfHWIeEnJSpVG4u9onh2uW7JILC12lLhFWXnc8N44Sw27UTxst41QNTwV+xYU892vhrHfSIcd65w3CfAZ5tGKIzPy9Wwwuc4p8r\/srrxb9T4F9X4N2gccOZ3+Km5ddhGhDm1mpqf6ZUTySUzhPOVbgDchl65OalowWeIcCWnGmDka3MOWGLg1gXmPHiEOTcMIXI34AWOKdKmQzVIfGbcoKyOvVbbJR0l8+9sZoaQYfKS4LWI39QMxb41wsq3uaszHXj3xcXNrtl+\/NhQEvyYvCjGT
lpx5VvljLV9\/BVzo0K+uomDOj70hNX+XJhV4UdqltzbraCdMzEMEyU2zJnkkiLZWU5C3bJUE3\/8cHZuucEwum8ErlY4k4XujuSv8srnYT9bUi0vK6LnxjV43BXl6\/H7N0CLnnLtPhDqw1E8sEUPKHoeWqyjeCpvvRIlK5X+YdIIpPDOoDprBxtaWhdISZ8UYQtTjCgxRJ4nuZhaXFq4EvaEQMxjuWu5AyF6FBXgFXcJc2RYo3xpIY5DUU2Glo2X9r+zWBihZiX2a2QEH\/CRBXJYjlerovJNyUabAltDEgYkRVE13ns4vMaLiVMYENSc8LsQMS3EO0sbQkNFVeylEgATyEDl3O7iZCW6SRIKY5bkUFMnydnSU3TEWi6wdJovQbEI67kSl\/kSFBV2M1eiu6KNrVyJXr4ExYjdzpXoL48Kx9On8fRNCHq\/wk3xDa9SywcRHKz4an70wxUl8qMfre7XKJFoPUmQLiZy+Coh1G4g9fHqtZrQWo3zazVdXfaayk7V9yYJD9gEGXSe3CTyPDFPrtvV3b6lZm7N6cTbOVnnDDAj1NsfjsdxD20IH5\/ken6S7wyEgYjnNpGI9CuGiduUQbS+wVEAs5Q78+6TR4PCYlMRckeNSKIVJnUKocQ4kbaOUQYzQl8BTF9kOy9r68JLVvPOST4gHhffAiAAtOBH+3gZMN4FH\/gAtbA9YA8BgF\/y3BhNtlwgRlIKeIsnCBS8w456wH4Ui3iMVy7dXQ5YivxPZrMN\/oMUaUI2m2h40Y81vuqome5U3tsYJjPF32Lxjd2hWUf7QDjUmRQupWj+XzWMMCisX2WSZsnUVO3uqSFzv47KUHJHOKRxAiOAPRsT5MMpTJH+NnAKgCw\/Re6khvgvkssb+V8xcOgzLLE0ZhT45BwMEmk\/fYrN1lyte5Y4+3VkCz8nT5SquzrCNCVsu2hnYUDdeyNARsgsLtMJyWIx75RiB\/qaUijgcSBVboGY5puilf1EHUvSCiv1bdZ6H2PkdfQBkg8n4kHYR75K\/PW\/MeyeDK9hJXCAx6bF44GYiwUKXJG+xCTVgEIURHE9l1HXGRu5jA2dsZ3L2KYM4VBm0tcGFX2oyRllBMwVoI\/18oO4BCXPPSBPs7HY74\/8TpKFTptFVYeJodt8pLc4v6+TBQ089vhVIrqMa6VMO4Sia8Jx2hlgM5ISrkxWvjTW69evDs\/O3nErIzUVRA2S6w1qOxcdCB7meY+MN8ZO4zssh9SqjchN3NR7bx8lTuUSrzbiJIOd+koZpzOVe1+C7qYIyc20QWhoXDmLp45I9WL\/dWIbcYNjpFklD4c3SAX+W+T88NGMdlEIxXb4gloteH7H8Zh\/iDcHslxsea7pN0yH3xl4\/729D10m4zIlT4gDm4QlwCxtOavkG8C\/fUI88joGaMIzN3\/fyCdEPOcoaZnrFIYpmwZqO0q05YS2mtQ2FHoP82k7ZiPj8gR1\/EgBAaxfbdlicyE2wLGqliORq0AhMxGR14aG6i4vpaaR4lRiSKbAlGedLHQCYWgj3wfLauRj7H9Y3YNWWxudQSvb7mJs\/rcmC8jhLGvRBe36JX+\/xMfElBG9JfhYYbMr4QkhOprnZusv47xF9axxOQTMLbdWEMaasGx\/MoA880Tkakr4cMfx6PpJlSnUPn0Uo\/QQ07kDHzBsz+UhU4X+68q9d\/eEBkvstT25167EXksRCWAMdbnfRP69f0U5A51zL4KhAune3GtgTIbGA9fXTROJMfsKY54F9hUg9JvEHTjmrap1nlNfztngORvLOds8ZzOXI7FlX8qVpQzpLyy75R4C7exfoSDp0Bc6yhvv0F8ThnH2jcI2nbYzm63d4OmJ450fKvNfPp03sv6+d6Pr7y\/O4GxW+GNtX7VyUyxqsz+8n0BUcPfRpAIKdaAGPk+wuqv2KC\/A2xSN8XIiCYsP3FbbcYFEMdL5aklTdsfrtgZtv6f4ffRPcz
w7UcYsknACIguIpBCRs7j8BDVe0sxCS0xX7IY8UEYmZQVoNcKwH+dIXOFRbMcIoUh28lCheGe2zTcN6cm0bCsxLCACeypCfrlWN76fyFC3Ik1sXQPH6j0u\/dtyjZ8TFkgCsel7Ll7gBRsdxrNJUjZNsRwrYxkuwkBHNKFE+cRNKo5tQN6f1fO2435RL4D3v8qXuuN+k88bjvtdPsMX\/5TPUJ51xDM0FMjnZ0CPy+fnsOTy+QVQ4vIZL\/VO1Av0qaNe4NOpeoFvZ+pl0yDOTiRKDRcpSGYMHmZqta9i6EpNjVla+iwG5vx\/WED4QcusAyARzmYGnWMQa5eoCHo4sf9M3Pd4A6wHne64x+Ix6Lgn4jHsuB\/EY9pxT8Xjl8Q9TxY8sruiye+JETjJeRAnOpDGvGrUycVVkgwbFUPnUKSPgbwAcNYveO85rx3\/U+1js\/bxQu3kn2qfmLVPFmpnndzAtNqI6ruRf2dDf93j2D3BWMsYtFzKJWMul9RJDt59wmWReksyICc7g4VNCUCEN9PiZaDUEUMU0uFy3gUgs\/CCtHIk3IEf9YfVpSRorVXn5o7td2xlFGcCkSSIltOyFWnpMvvfahuAiHAufap6\/gf7E0bLNptBztBoGNDiB\/vrQiHVrgNEBKwX+iKsEDt8sL89XpFXu1z40uel7vAvcE6tG7vDjnvHcfS1cfXeiJZGXeFlP24L6wNoPZ5L10\/cxSggQOUkzAQ6T14+bneL6ncywsTDpJK5N6jtUHJFH138c5L1boyertj9LPaW3atN\/wBzGPCat5x2PHQt8IYcId7G8FTZZTYKh61w2B\/14mls+f6uafTFovszDO\/WhNlyGncxCi4v0TRfeJ4Z044l5iS+NA=="} 04421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":4,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142847084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385142847084,"pkt":"nLbQ0+MztKXvZygQCABFAAtI+z8AADsGbS2O+roiwKgCfgBQldK5Y3+QMlYwOoAYAQUXfgAAAQEICvTzivNqRnH4zMI7OYkbfPC7nb\/qbrxU4lZcW2xG8+gsMFrcaq8Zc0O82QwN9YRVYyP2yWxPxYIA2lObZSvDBqdph37uxr\/PUVO0gfR3ZRSM8bjGX4xPCB3bo05UakDbWqPrgNscOg4qYBsqG\/tobNBpJxfzRsS46S2xo2LN2PV0+CMJf4T90Q+gehBmLGG6qY1EuHeLiBymWICweb7IMIsAyWhAIS+W4mKdT5G8zsNgeEOu5F4M6ylJHAFtUc5ewTq4G8V0fe10WIjiSYxBArKfdI0mNVAIrqcYEbJglZRTFbCszbgRLV070rT4nUINVH5A1y2nRMY8kePNwxBv1hadxxAF4noYbajqoEMw9+81TO0VfjwDToem7KbDPfBvOyjPuev49m2n9bztyyUYjeObHyz6Qa4D08mP4B72bwftn6BK68VyQXQ\/QKuZhaJmnIrOSvHsfScnEf7ZyYtW71VAQrzOYitPqu2qgQ25JfGQo\/Jd\/rY73+0YUt8hICYvl5I7LqQZ6i6ZO4qGpHWFI16FnDGnnNjjXdb3v7I
omvYwOD+Zj0pTFTMURL6EnU+QF954RpOdaDTeHY16GcZXs4LhsBezQT66hFnCzr2rBnMmMdTuNOQk3OpuytzZzKjSE1G7MILBqjAXOr9Zx9hE\/RHizmvsN0cW1IpKblYbGxoR7ndWcvlbVZQ0LF\/oCqu5aPOlZOapYX1\/o4Qib6Rfzb7U3b3WsnXaSz\/t\/Y6720EZ1\/6jwLLQ6iValkbCjNm1hM7VEnaJQHHFeKwUxKtnvt7k3rLcW7oArsZg54vdWwzOlrP9V\/MbcMfXnKIOKMq0aUd+6kZwRPArvgmx0ZnnA3gDR6ez9gB3dz8MqMTEDyuv3Q63vVhVmwhUCUa+NQ2vB+yGZT26YNntUPaKb244eCHOL2o+Ustj6M2tTTuB1H1Y2W9uZ\/d6DrRvtirUDrXjkMcnxtTh+GQfVjkxlZVGvcf76q3sa80DKkQYru4LE\/FXHY4XrcW1tLTxQZr7VOGP35sYF6NtLiw6Dg5of5QQeDlIWhGhLwdMpHEwsYDq94qaFskWXLOCiTtfGTRNSGEO8xQ1eiHLlJxfUFb58WMaJmyUOWiOql9dxpUpqL6RjswHZEz4cKgCWMd+qcQqb4CMvkFJBF1aR1ZxqNxAVdNwMhU3TNlA\/ci292H7+Q\/ynpEAaNYxitUb8DnIOYoaMb9AJMbAK9Ec0JhrPUWHLOpIaEPr6Mpp0HTUM66gSrXOJvVEgCkklTIjNljV26ruhF6pFGpyKvLRBqiS4Hcns5l6VL1+jwb1QBMaEIReRmQYJQ21gkbO8Iw7KpAFYbEYr\/ny2i8VyiqY69bmCUecdMli4CeOY\/ofz8k\/V+ueUkMPI9jCS4pGYTA0gR5d6K+4zSKoYKjUpkG28RSnIX7V2E\/ps7TOYYUvUhsWlPeGIsgBkTu5DkNY7JwFsovBMHO4HHqYsy16LWh2WKqcVTJXufCwNieoyNviPsbCWCNH+i7EccQv5yg6mM7QaZ5FdPW2EX1F0J248\/PRRD+uii8iwyuSm+mCnN8w+vw3VatmzTedFfGiSDD\/i8YCzpgecT7so12rPt903LfGa51ukn3HUzQC+v1Oog5hjhIv9z1v5C+7Vqttourl2EiAj5wYr5D7wXitO+5H43XDcf\/Sr1Vo+9R4fe64Z8brtuOeG6\/PHPeT8brluJ+NlrewX1\/U+Gt1eP2qXzfhy9\/07NSh7e\/69QUM4k9d+Bl8iqXqdRsGEejXOl7Qm8ovVzehqUjm1mswhli\/QUOJrvnsheN2VGYdMlP1hoPP1Ntz+OQlfwPwqL3Y2HRb1u7PIbtNz09fxTfvT7e3v20fn364rm0\/O3g1CA8\/7t2E7z6wv7LJ6Hz4Ynh9MN16fxPuXQ5OD6+y3b370\/NSPXz15nXt2+Vm9PV29D4+SsMXz9c7R7u7u\/uH8f3bm7DfG7Avm9mH7O0wenN6G\/4c3ryvn95EX95Ovn85mbAvJ+P3\/a1e9GpYPXl1nL3ff9v\/\/uWwGn192zu6HGaf3rwdRf3Dy\/jzSRr0T7NgI937\/uZk79NB7+dRdpt9\/5resq9vt6Ds3cnlt7vjy+7W8Xl3C9oZhbWT2rf+6U3w5XAUZEfb0Zu3te9ntxn7evKJve7dfz\/cS8PBKdQdVcPB517yl+9bLhzgu9ulQbhd7wZvO\/ub2\/ejD7enk5Mv26fdV4P63bNp5zSt3o6eXQYbr6aHh8+GB+l1LU37m+Po+5vv2z+\/3gzefX\/f+xbu9f76dNTf34w2uu+ydDfESXn\/+KREN0E9mnz\/erIFAx19qx9W2ZcX1+\/7JzfB+f8pk2Ptrr94z+rPn8fPjl8dfKpnyfXkcHDcqe3Xjy63r4ds\/fv6fe\/27dHXs8mX5N0GTM7Z0cfgLphuHn16vv3h9dWrg4+Dk8\/j60\/Z8WXybri99WZ9\/6\/b35ya0\/T7xkkvHHyH6fn88\/+oqWmjcXNXbz3ADT35trmxu
bldr9W3CH32ZTJi14HayS\/qsFuH+nUTkM1Ivm48q77Y3N7YhM1+pdJe1J9tbG8+A1wxlqhjs7pd23zxfAMQ2cTc6nW8ulWilxcbW6bXf5rzvvq1QJksTcgwNovoyu8JBrilYG14ygM\/aAtuKcQS6pmK6Vcs63K5zi+VSqEjNWM54c4Rv86nwFSU4ImDApl\/aAuNhx6yqBG51J1GjNe8vA3xSo2GDNKgAs7G\/h30jbkWUF3jLFatYZB+5sdKOs+4dF4nOSGaGKvwcMCO8XQhsQ8XE17hJRA4IWW7uXbX7zktvGykTX8rFJ7+6Z\/6uhOXbq5Fi4lvoW3n5YRh8wtdW0N\/zRj8PLwcN7oQ3pcWVLQWbt6hC26QvD86OUN\/rChayo91qHKKXUIUq7pGM\/rta4EiukXT7FBnuTOcvo3QnVgZlSTAlPgdfE8WrsdJ8HqcRHMYFi0yChgXgl8KWztBuKJrsY6qlMqY38lsZnI5ZFSyli51McnfxwRUc+K\/x25Alv8WH4jRwJGu\/z0crGer7zzi1j4LHcUL32hGk3w4SBjp7cKtDmrQycJlRIm\/vzgpC4R7AmXwSpGElObyUhHD6V53cZ5UjonfTrAM2uiFpSe+9aT0VvlHwMBLT6wnHiv5Fl7SNBe+5dZLhLcSk\/5OTbxJorF4JR1MH6THbdhWSC6OQwzU3exAWztWAy+di9ABg7+XCMqNOShZL9eh+A5w5sAu0Y0bGJmrWIwqUTZGTff633ZvOp6Np70ZyrOdP+VyRE4z8IF+5ndfeB3cWx03d7sFAfjCVuvQVuus2GqckL5J\/Vu7ZQXDcYRRPxFN9Nm4kw0aVW\/Eoggq4NNwkiGUNcjkNbuJvZtskvGb7Rv0CAg2YGG3Mx5eD6JyOOwNxw26z0bwhHj23PJvRUCq9dh9Ixvg5Tlluu2X8u\/y+QFKXjDDEAanWsz7TqlahHGkdFRUbhNVby0UwdxFjNi9+6PIDkvWD5ijFBUQ6JkKp8htlkx\/4A1bJcHnq8h\/LPpxm0XT1E1yaWmcddKpi9G7Ov0eBe\/q9MduF39\/ZoDDW4QPUhkqICJDCx6BSfMafeQ1+h5g12xyiPpKjF2Bdigc58MmfbD4apR7cTK1GmnJGt1ZpT76q3g9iab65JLXcR765ncG+jsD\/M4g9x2ACG+w4jtjHJfV6PAPDehDffmhAX2o6zwMzA9d6Q9d4Yeu8EPmncNHg2nciccL9w5jhIMrswc\/y6RpQlfRUrd0RZ8u\/DGQH7\/CO7jMNUDdAbTwZ+h1fWNNYVj4Ft+NGIZt6Q=="} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":5,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142848049,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385142848049,"pkt":"nLbQ0+MztKXvZygQCABFAAW++0EAADsGcrWO+roiwKgCfgBQldK5Y4qkMlYwOoAQAQWk\/wAAAQEICvTzivVqRnH64CduUrrzAwUTfEXudZ\/vsc\/3ucnBEHf3RtcIAhoxn5N76ljH70R2q+Pet2lOAOXfA8rnYQRU03vY9F6uacS6e0bTHJAaCW97z2j73t2DtvfoGcrf0hDcThujkgDfb3dR2Ej0gihxJ0sgXlf2QR5D8yS0ArLoAGdRGSeOwnfs+UBYIbUxENTGHr9MJpm7IqMrMqI5zD86dtyOcRSAUvYc40YRGvjP1H+wgEu8e1G1MDKkVds2np\/r53pVP29uP7+rbfHnZ3X5bCprUmV1W9tC\/z18gpIvtZ8ovJED47aZCG8qIuGLqqxYRz8UVQbeyOr8uZkIb5S4nUvc5on1XGK9mgu1zJcfZgEdjtgAwLRRcwEks5\/DwZT1GnWU\/E0xbnNj07SjTg3pxKUZ3XU\/NWP\/ZoMvCIePXT11Ofdy5Tlk\/eIyrHzpVXGFN9BkvljEH16pyb\/Eg+JBh3BCqi5XlCPip1iMRlRjLaXNGfeu1RoRft703wiEIuar1Ku8Y340\/2mfuvup450aXY3YY4P6aoqI01U+fNoJcs0OKl+L+bBMB6nU0dyyycceO2cdIAlRyBej7NOTWacx3rN0E+9G+xQ4\/TQOY3iNlGKHQcb1YKrec3U+8\/NSZU5Q2H44HOO1RypxLIpj4sEAj8joaLA7SeJVbUI\/hffaGSoCZU\/NNl5lE2pk7\/7jddDLJmk8Vi1NWedsFIdZkoVc8C8zhBDzMzIy5PEleqK+kPSGDPXsu9GEohKgcgExz2EqhpZF8SnLemoWD7O7OJIB231ln50vvSv1EmcjFsaGObIZ0F8tVZ\/dfT\/Cg+M0RsKRsidqCMjGGBlHkVTkqWpS5YAhjE05bSojl+fIjIAcNMkH29o\/O6thNFKGVDlGg8fHY7zJRVcSY22wCvoyKpQZYAgjQxRqAit9uRL28MZA2vHm1a\/pks+FKQA3TOWEbU4raDfxTyNUJt\/\/qnj674pn\/674MKe3MYw688bXqVO5RFUHRpQ2hLamoeZShd7KCrSGbzmdKf0bb29vBVUBG2ESj28ygFXybRTxv9bT4WRKfyqXEyRU3\/3bBoAUiXvrRN5U6FZ2aOT9v21kCKcH0MX5Zrw4st+m9POO\/7xPDYL5WJwtIopV6Isrgzx+u4WV4H4k\/lOS+PrmTh5diqnbCwQoSxjOndIn8gxTGotAW0It7AWkx\/fwtABssU9QDvhzanORzSN54psPdw28uiGZlkP6ce\/hfToclZEtHUnlUpyDOwOsPhjsQ9UMTbuXOqiv1QFtQgqIM\/P3UoyyoHatiYE+pgsBYxk3jRiOJH1AN2Y1Nxq1beLM7c3nz3dopys\/q02egd8FDPSGTuwdX7zS3ldFt4SogRqgagly8uXQWU92Iof5257k4oGlQe8qtBWS5HICE8EZmR\/jeDIC
iIJzAe+jCUWDOBWBUuGJlfJQkLKQ5lBoXIQj9HvBaYr9V5EdVW55d4vFNTve8XECLcEZQkeiCkIvHBe3KBsxbyJDnSJej\/gMyT4V\/FGrl1JlPqkkeRZwxxZqajCoLHItp0TphA35\/h5Aww9zATw0FbmBLsQDwNJ4LIrZXb84E+IroQkUzohGQS4esfnNIjPqiGbOeTmyY85fSKE2HU6Woa4ThdC8DHlumKGwIvhenECLBbDlr6dxbmvCXFtpFkXxgJI1Cw6tAMfdY6NJvJDjSJegNeOiljNjTmHjGv5LYmbDZplV7mA678zAEKoW565foU2ZQdQpTJ5osmve4BerxFqRSzOHpgD0ALurWIxs\/cblKwJLAQzJEiIvf6XJp1\/TeIVAEc22A3S7gQk+pwtGkWjF+iWlIPnA6n\/FWYl0nHPZdKrIR9Rwp4LGtp0dPzFvBvv2j\/2SFfO9+iKglJaFaeGOzQDU7xtV5+U="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1263,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143337063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385143337063,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143337063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"thread_ts_usec":1654385143337063,"pkt":"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"} 
-01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1263,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143337063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385143337063,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","http": {"url":"www.google-analytics.com\/analytics.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01336{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1263,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143337063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385143337063,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","http": {"url":"www.google-analytics.com\/analytics.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
04393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143361109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385143361109,"pkt":"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\/w\/n6L49nLtRoQEKG0T3CxKKaVlaAt0CpQl20pICUmaoUBJns\/+7t+WZMtJOMM7nXVKZE2Wpa2tPctvjDrxsNXt+MH9ypOFhUfb3d5dv9W8HD46uVSPttvdwaivHu23or7s3z3aGg0vu\/1BceHR8YfXX5f3W7HqDNTyXqI6w1ajpfqVR1s9GV+q5dViaeHJysJv2X8kZTi8bA3G44FqN0Q7TF8pRRTcy1AWB712a+h7RS+ookEcSlmV9dJ5q\/MoHo+9USdRjVZHJV4YDu96qtt4FBfVrYqP436rNxyP3SffQxdeAe2DaqPb9\/GcVGWxrTrN4eXSkp\/glZetxtAPgmpgC8bj391W8qgUhmFUi8O4npwvLeHvYhgeRT9VPCz2+t1hFyOg3BqKKvgT3k\/0bzTh4V9PfaEdQ\/yIvicKouKlHBzddD70uz3VH975cUBjkvWYOqA\/wUT8cjrImkdoLoNWw5fTPURB0FfDUb+zWKqaRFmPpR+u\/PBrFfr\/cjjsDWrja9lqD7vjxrAXVMb1H5WV2n\/On1BxHYnx4yBYaVUZEP7FAg\/Dm1Yn6d6IkUkUabmH3f6d+B0m3Xh0TY3FTdiRv1tNSfnidmqGfhdlkuz8pmr71FB1VL82m4WqYrEcVKhoOKQxcOnSUu7R97odWnvqVH\/\/HS2O+BM6UH5XPNna3d073A3T1HhcP6+mT\/XyebhY0s23wpVKvbT84rzweEW8yo1axDnYXfIcYAtL1WTTwlU1KRToEylfhZLAxLYIqQUtZqLibqJOP+1td6973Q6+QQF0i33Va8tY+StnhZWm8B55ASDTLPSjKFTFQZuWxy8HxZ\/dVoc7FHEtqszpMZrX3WQidqYWIiJIjMLjYb\/VaaLRsLvfvVH9bTlQ2Cs0XI\/3QNxtexgNbc5etz\/kNG0kWxZu+9lDMB5v+8NiuxtLvCjLr2Zta1Sd0vbNh6PrCAtevOwOhh15rUx5xe2Gnqlr3wNgUyfZC2vPSxXOHeSz19fXKp4XBFRI3fJ7sfHSl4ROejxecN5lc7NZ3BLU0\/T0mKV5zeChkUn+h\/b26ykgEolQGjoa+Vmr\/s1aDG5aw\/iSCu5jynnkjfrti073otGXTew3r5KEnleVS0v0UX3VMGgPySLtUXV7RGv5H4IYAtaXSU2XVEyFwSgaDPt+SST0Ihkm1aiv5FVVvygFgIoMG7kSntYKNoWdsL+ar2rMY1r5cXNzc5Y8OSuuMBYnlEf4MKEtgMXBBtODQY7ZUTSo3IAARfTaaeCZhpBGDjAaKTzkO5PDS+qsiF8DCC5U\/PExId6KhixTJ5uvclDLsitUrZA9Vh1ssUJ7v7QZ+glQT5AuiKxbpLFcPtengpNB6xlwJ3q7ow935L9Gqn+np3+gZD++TCffq3mY\/qriGX1FgKcsQOa7ULeEaQcEm7qb7Puy81mG5RSz1XLDqwDcc
p9IK5brPoNNhhE5cIb4Hz1EXZ2OezlqD1HNwu\/EbC45Edu549Hm08SnnVW8WXCj4U3Em1xTPlXD38WYXjpUO211zSeIxGcuLS34Eb85lJYqibK1pM8jsiA2UMpwIWLARSHGHEUP7ACDIu55s+nuhd1P9GyTAq0ruhNhe6pIkUJWLPQSUx2dEJjNCpMWl4JRZcTwP5lU7Rc\/2vUzYkKGb0WEszGmsyrOzqoCjT+qgxg5D2OL0KJJ2seer6eN9sDWq+3XO2923+69e79\/cHj04eOn45PTz1++fvtOcFCgBc5Nf8ErlVfX1p9uPHv+YvnCs13LAkHVBD2+Fe+yob7H8rwN347H9MLqu\/DdeEyjTw\/YKKyfT488LoRremxJGBcyIBWKHlezR1rPYnwp+9t0Rm4NifgSzRD4z80rEJVREpehms5fRf5V2Hj5crXaCP3G0lqwubk+br58uV5thn5zqfyUMlbHly9fblQvl8KNtSohDf8y3FgXtNf9JiWw54q90eDSf1u\/Ohdv6w38aeLPJVF\/ds7NLqdjeiGdlkgyQZg++ld6RV1qQ89Bx3wljRrkh+iF7+qdcxzgnVG7vRj2LB3RQ97iyo\/62eDsVpbOnzxeKQ7VYOh3gmB42e\/ePNrp9+kV3mnnqtO9wRgGamP9keoQkUHo9pEcPsKLKkRyd4KqHf7V5OHVo33i4dipVi1ZFPnL5YBWJvJLWI7Ip1mi6edfjG9jnQ5rotyXy\/Sr7NBjrLlG+sVGv3u9bVbKV1gCWiNqvLG+GDZpiz5Qs0Grt7S6XsIKrgYCtS8frt3c3NxYKr+g5Q0Cop4YK+zz34PQnPNHLqmpN0pM53yYSILXQx\/HbVqhSQSk3ywOZb+piIlpFgf92CCh8fh+QsSCylWO\/rIyr2NMR0lrGNzf+t51dzRQRIt3aK6DKmVcqbtRzz7QiXXdGnpEe1Q17fH25GD\/Tbd\/bfrMWJ2irlr9uwruh0c+GD5a8WIs2239MKnqwYG2nogPc8kgGd6jQSTjK8J2SZeYlc6gEgl7cFRWaf1jwQiVn2NBQHU9qCRiQGjxLbCmmlRpnosggvtgNgZ6r0mazo8zBHxGsefb0MwTbmwQjDY2kww3NvSaEsLApl24xJxfhosx1oMHEsjK\/WXYLJqh89xehVJ0wsVFWjIzRm5GYNYZj6\/oFPk9h9AM7Mh6NIbe5qUdQ482M1rXe8QcD4ayE4Mb\/qSaO7e94N6U6A18FQQ0FuII+Uylg3Oi2nQKUx2iPK5SmgMNiErqLC1RNre2JTMd0EN5goHjE9NFEJZttiV2tWqrlTK2MdPZ174SzaJdXR8byGxj5RxRh+muudfbKwqHxWa322yri6FsXiRyKKszOaHDuMtKROfvbKOIEGKzDaI6ctaZUDKdgtlzpX4+EahI7Ex2+vFIlAxX\/OKTWnD2JPsJVkQD+fUfxD0XAv+sVv9B\/HRQ8\/9DhbWV7Ms+ObRKR92YJfM97sv\/MV4KiFYseCF1tUQdLNXQOyF\/vPpkml1mJEpHYMI4NXlYMED0u8N5VvU8EcgRJahC\/tHHAVJevctSjkda2HEOAkfRIW7IapCjsd5LCdE6OvXeN6UEsbSihOzMsfUEohz7NnAyhPRvexdeISJkeCnr0TnNhyD6rkBVC\/VYpD1FQXCedWJXoe6VPXHMbZzSSTU7G4+tOKk+LKaShiLhwP5WEw=="} 
02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143362819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385143362819,"pkt":"nLbQ0+MztKXvZygQCABFAAW+vVcAADsGsBOO+rquwKgCfgBQj3yrRp\/KwbIHhYAQAQWF\/QAAAQEICkxBTaqAUz50UOpj1l8TnRcUCYOetK7VH+KNjxqNgRoSXr7hqvuy0xzJJp3ZN8W2SYsDorqKjXaXpjrtxMefIh2IgGTboR+sbJRWyjtrwbLvgGSpEuWHzaiaAG+fVicKt\/p9eeevPt1wT8hSlTJe4oQruFgqJsRUqj5\/qaqKCpIwWSrXkpcvX5Z\/rL14\/nz1xera8\/UKZ1QhSwqTyWQ\/jAj411dfrL\/YeLb64im\/ZIZ2KgRRGFG75z\/26370Y4pECpZWnz49N0vhUzkd11S5FGTgsbahYfUUiPNShv4p5CgtKU7rq+fhT\/yunYdX9Btkm6IlfbspvO23O9vvj08PLna+frh4vXe89Wp\/57XnED8\/\/75yWreNujfZ6tNqEUU\/lYFle9tqXu50hrRf7j7L9kgN\/LoHero1pC0w6itiJK5pFtr0G7WGHTUYUIpQ3xDo\/rPqM7MkvJF8Q\/vIPhNHN7xUHd85EemATgd39S8+5Fo6eCPtL8UBb1zBCrgJEBjxQ\/yfxgSv\/ER4F036pMUSSFHmG8PPPgE9VQIxUVXhjh+LjF+zRIIqXksIHT753AFTsrYS9dBYWmrQKmf90Jx3pK8P94mzlF\/0XgXGCoEYNeMfBfazJMEMfYisr58DcRMkVROWhkSFuJBkNHI2T\/Qae6TbrMRvCKKaGuEXPVrRAEGSCoEbYZPOc4vkGxMazGhpaWQn7XgIVGGQp\/1ebFylT9eIvtAkaX9ImjAptPAgALnnR4JmHTxhgpmEoCXftU\/bxNCMHjA\/fRmmCO\/7PI9JzdDJGp1ww\/4dzx7hu8q9izXWCGeAhzOMkJJWpsKiRvs9SXqky3COtJBoJWXeiGnB2VCGuEzRQlhZlcISNeln7bxqxgDUpDYjer\/CYdSgFsd+k5Zet5klJUCuAAOas\/4qbNaaVnxAaJIOY0ZWTeq3uXllkVWzEK4Sj3pFLNN5SBwRJQo0ruy4pv9iBtMO7Tv3iPhqaU0HShR4qKsQEHmlwbxDxJFhna5S6UZQvaJZWMKZSJSSf1UIWeJruZ3C5STJ1iipLZYridkzDbMEsUb7DcO9eF41DhuAbE1RNmg+sXGIrbR7qKpnDVQBnZvVpNYICZAKxLUYgRPwbjkIKs2QYI3ym\/n8qn0TbRqC9WyzfHPJCO\/N0acDrC5RD0QtHbKYS0tPTns9y77TbvxIMF2mHUZHEJKrlKTNieQakvprD6q\/CMxYsHdCeKYBiXRXmg2YCBlUvmcPkOYH1cV4aekXERBMJJxQQtgqMapARmUhvPmABqVJjXvES4kIfLR0WeaezBad5j+238hPnsSHp3lTIlazuN\/TDlj+DcT\/D1p1LUIClHt6URz1la2WgWS2PNkL72Mru5WhqallRlOgFoi+RkVSU2lGbOXOQzoenoWlpbgoucBiCmp1r
YaX3cQuviupxSfQYYnPpkHhhKETsp0cEuIYsPLELpCibT3NNjWs+kOzTeisWWR5e0hjvCegVcOtIU1QNCK06P3GMewRfNIpZBEGsS5EqSezorpWpzcaQog91Qmmmc68y1aSqM6ccrzeI0CZKUjfTjMtCfw7yTa+FIQ0s09ez6gOktyimLmcWgadywvhrETMRzowuIO7o7BcKuG8LBEC1SejWXpJVGaiGND04bvyQ\/q1Cs1DUHu80srOTAenQ3TbpwnCAlWj5eVJHILOByimR0OcShurLBOvALfRV2kBuX4aj7\/R6RVnbKnFrAqYNTtp0y\/icbuAFdHB+CbLE1pHEFQ1CrLdxYyo2wRkea6NGLFX\/VbSVEU5GnbpBJ8jMzjygxxf4x+EKqiuae4GdGD1A1fPqBlsXvCmYnExAQqaBH\/56p4cDCAJGzUvZ0cw9f6E35\/od9ZfO9SZ+XLgs3PoMRdjJP\/m1YYxVdPvBZs="} 04406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":4,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143362819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385143362819,"pkt":"nLbQ0+MztKXvZygQCABFAAtIvV0AADsGqoOO+rquwKgCfgBQj3yrRsEGwbIHhYAYAQUYCgAAAQEICkxBTaqAUz50FGOy9nWl1qDXlndvlEQoxoEp6\/IKxyMa87Xtk9FgozfY7ncHg9fsDGPnygDrkAk9pJn4CMTHjH40hyjAp+PmMqlEhxdimXmYIpVk5qNiy1JsGneNuP0hAvOAVIuv6Gu4YMgFp9wxy9M0xrTB\/9ikXCx8ycr1+IHdoyzzA0ILpo1gVfbdKd3RTkVphY210rPVnTU6rZKs0mkv4Zg\/dssSNnqlsuI3bdnMegBh95jf0FZNCSI2N7QvcVb01gWfXPcytjPHOMF2baz4iUPgcsL\/3Zt9xj05fBJnpVud+LLbz\/X9nmdaA+gn\/i5v0PBYoysS\/d7WUB33lEqOnUqmB+peme5v5N2A+IHkU0rAOmPYY+hp8rHEP4TmpM4DeSXe8\/wSEGxd9xzYiJWp0+YmDfOIfXNp0tlYFp49ewbjWdFKWw36OK1\/qhTwdmWc+\/ouQ\/zF7UX5BUBRPzV6bfAA+pdoGQ35IFre6Z5pnKe93Pftc0vmEkY4DD\/qnobu66jasRlZ1Jf8QSf2GV8UNcxD9kn2i5pJjnM57YOkONBIm3X5OJGP9PNAD37AY\/+lx5FgTNIg+Qy2PEz9KWdr8EgsjshN0q1yanwgqqTbIcz4hzHjMRGxUJ069edHimQ1\/JT40SJ9CAATEyqufWfkJf3mSOt8MkFrZummbmPYZrH0g70QhapOjHZ\/J5n2v7E7xapBZZxaw0t2qXjzYX8bLiXulRyl84phfMSbOX5sWlFl1JhW7\/ldwW3FePEYvS69S0ThovbyZZhiQd3iTsKhIozeWLGFlBEPzY2pYmWREGgmccA71J55rsq+VHoZRtoBcyKacyQgxpNsJ+bgq2\/cgLFRfSey4a3ZB2Sv00Cw+Tt+aA0O5aHPlqmlzbjmf\/MjousJv9LvO\/O7Z37fmN+35ve9+d03v5+V\/v1
ifr+a329q1h0EIg0YL1T2\/SPhscTAJXWaMdsyIwgmrmKa98VHxZ7qI+Kk5DAhR8UbFV21hh+yzGoU8gLp49NIqnI2hri3xOjmAPdD2WdTxFLmdgK5PiYQFls0SA76wvWWYyrY5QLtYbpP8Djq7XSS5XyO7nVB1t9xZeK1Oyoe6nrmQVeR9T2uYW379GvwzBYLttKbXCXdT64J1XnLdRqK9lg22Pd2sKlI5rfign1bYDjXffpQNf2pn9V5eFjc5\/QXTt9Jejhyo8kbtc3S0rzc4kW7xcK4hwqJwvyqeIoGQ0p\/0+lo6Joovomn8cBRcdjtLYZH+YXFW6z3PNGsDAbaYPWEN2pUbA0+gxTEt4KWYdG6pTpTDcjzzThXUMIz7pUZfqBRf4JRp1ZKVB2fBAd0FjTsxM4XfJsf96MesXI32465XVp6GesocCn2mmfVnQuCzfeR0SCNDjrSNhzATouyuAe7tz0YvNo7BakJPCY2dwjpROKKnjxzQmd3xeRKb8x5ZyW98DVKxmPgTdq87t0csUaIncQSsp5oBlXfVLZFMskKWRWnJZwxoqZexw9jfzYjiQMTFxQf+RYGGci+TYLF0OBQG\/FwZ43tnr4Tw4b44eKjOIWY2RGv3ybCtJm4HY6AkXR3e9BDcOs9onjE8431nafaFZOr\/1R6NPokiVWKiXPo\/pKQojMaqONLHH2zVMlUVGmNhgoK8fJ8yw9n7JfKhhuGb7HQNiHUVjQ51aJULMOrmE+Wb\/RW0Q7b+ukLPVxZiw1xw6lXKoBvvidvisnAWwybtYSdgUba\/Ze+kO8eUGIbB44TQ0wgdiSqcvUhVxdwl4HX94VXoPpXsNaJpWiLKyImbmCQ0FY+on5Yvwaa04V0RhlzYEzHKgjyijzMT9TIz6b4y9k8eXg2hatoaSCkM8+kno+Tfzx\/0s6fMHN08y\/nqBnNmyZJL1ENDnsxEdfyQfv6DjsWWPWK1r\/G1v\/NHT59jTP+djrqK9d2x+MIs4shced\/4BOp+XYaUCLaWAtsUuM7DkHEauazf6Ndsbbhwr6tNm8sstg2sX\/o9Tf1bXXuzvoXsUAvEulHiNl3Bvf8SuuJlWusB8uWuqN5ZMO2JqvaMruU8GtivEg7f49nCH1eYtWuYzYSvIynzVjEt5lONBB\/iQPXuO4LYBSJx6DY4G5NkPYVy2\/EbfA9ZYOkd375hVVTn8Rirk58MVVkfyIwKH4KBG2XtLc\/ujfcHci3oOE4wK+lVI8RTvYTA1Unmb72MtzWABKl\/uAZxDhhB+zSyvBnBl\/V8qaJtuEhzk0mz6nVvd2tMg\/L2RKVBcTc+prMD9LToUNKmKmzL6ABz3VaWJTjcfllaqNBU7hqADQzeKqfm1BUck5oBYSKshENmtOX8LZpK9hbcqs+f0kYtsdjdl3AlihvxinX4Ted2ranZdr\/5SwIA80RYiKEHiysETfhSVgWyMEvYiq8rTTFoBJLJ0xjUAEqSgPY1ahOvSRK51SvOTFsDgc7SbJ4CdqTPpnxLS+vEfSxUM+Qv8mcmaMkB\/bdjX3ahMBms8svtA\/HnJeY7k3znwj6L8oAkCSdg4V3\/no5hRF9zaVuht28G\/\/FFVW8lvQHSAIqaOmE7ZJ2VdsI3CXPq+3iW0RVJY7KTE07qFjirTke6+LNJgIJ1tu4yUHnBBXbsAkW1bS0qulS+iG1pKImNEHzKLR8dDg3NJxf5mAtrWQ24BxHFgaGmIryse74kaTMXpTdOok67Oe8hxABYLcy4rSu4+ScT7Q7adpqNQv7bCz9IxODIw4y4IP56rwYeDamEFCajRyEtHUa4He6ITqv4nBhClsu2tAA3opXLTsB3BAVZDDcs5O3gkt\/s3DV+RtRSyIrCdhi0Zl2bc7HV5U6OIlG8zOeCp97FWfGUTrKXq1cca\/xNC+h5Z7yui3iUh0iYp6BPuvo9DrSPZ1eQ3rE6Y0XuM6uMbf986dZ++cbWfv
nz1yz\/6\/WefBez7C+VioKM0dc3h86chF9tzli8DkbldXsCgm+TERll4lYhwYZwvZcIbqeC4IpjnsZZmjmnm\/bjFll8KmCNuKIHieMfBAFfAovOKiihs1e+Q6\/Z1Dc32M\/tgmOioo0qjjXQcSpR7gxzgsMQxOWtalOHHJAXCLI6Be3D3vT8Rhp38FoWAZ\/ZQsLch5RhvTpSayO8ySzUIjJuWZb3sVu3KOce7Rf\/3G2UjkvBCuBeK3yzHAuvrx4H4fOTWiBX68t\/ec88GsVIhBDE7kSMTBrgb4PTXSThxvE81pkEPQqztEq393QEmtPMdI0ML7\/GOa5ron3R0vK7HEUVsINoGHD1SKcFnoSsSpFSZtmxwUQAkTYYLPCNitAqIX1dSyQt8TjLHOzOi4nKf6SggmbNIqQQJ5DMQSENOHtbVegIB074r3YZbEt2SQS1yAbBknFXnvUbHW0hTVNrSQKKrscLZ57JxrnflOyb9McrMyk33ZH\/YF9OGh1RoQI\/aAQnTsR3lV2dWJkUa0iFr+YZJpdVxboHP2O6bm+wuVvP9EdVcG9s216hLilzX3r1Fwk6c1vWOh\/NzXue9XKKi25v7peUMF\/V9eFv1EqzAzlvxsld6X1BVCv8yiaYOd5oO3W9PWf1sDtBB7x1ddu8P54TtRTDfRO+2nwf53dNAHAd2oGwrJYcvbiHPnADTj36Y3jOhH+SoxoXF9eE6VcycS5UEf+9X06fdvH\/At1UvyUvouvF9EK1V\/JA67g72N78xiYkLXNMMnFXyLatOAjUkMN8RsKHLOBLwz3k7CbpJeW\/ZuWkr8zXYScyp0vlMhO8Fp6Y1uUu7GdUE9ciwq+j9twVY2yKvBzIuRe0Tm2LExq1ElamA9YqIKCqQ=="} 
@@ -1000,26 +1000,26 @@ 01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":5,"flow_src_last_pkt_time":1654385144957630,"flow_dst_last_pkt_time":1654385144924301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":819,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":819,"pkt_l4_len":785,"thread_ts_usec":1654385144957630,"pkt":"tKXvZygQnLbQ0+MzCABFAAMllA9AAEAGMgvAqAJ+oXUNHbFmAFDqwyTibdxaGoAYAfV00AAAAQEICrrGJqaXESfzR0VUIC9pbWFnZXMvZGV0YWlsX3JldmlzaW9uL2FjdGlvbl9iYXJfNy5wbmcgSFRUUC8xLjENCkhvc3Q6IG1hbmdhd2ViLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLGltYWdlLyosKi8qO3E9MC44DQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpSZWZlcmVyOiBodHRwOi8vbWFuZ2F3ZWIuMWt4dW4ubW9iaS8NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOQ0KQ29va2llOiBfX3FjX3dJZD00NzI7IHBndl9wdmlkPTE1NzkxOTkyODA7IGFjY2Vzc190b2tlbj1udWxsOyBfX2dhZHM9SUQ9ZmMwZjIyZjc4ZDgyZmI0NC0yMmM0OWUxN2E4Y2QwMGMxOlQ9MTY1NDM4NTE0MzpSVD0xNjU0Mzg1MTQzOlM9QUxOSV9NWXFDLU9SNDBUYVFMUEl1N3Zoa1otLVUxdG0tUTsgX2dhPUdBMS4yLjY5NDUyNDUyOC4xNjU0Mzg1MTQyOyBfZ2lkPUdBMS4yLjIwNDk4NjE2MjcuMTY1NDM4NTE0MzsgX2dhdD0xOyBfZ2F0X2d0YWdfVUFfMTU0NzU3OTI5XzU3PTENCg0K"} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1322,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385145219802,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145219802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_usec":1654385145219802,"pkt":"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"} 
-01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385145219802,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01390{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385145219802,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00935{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145426832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_usec":1654385145426832,"pkt":"nLbQ0+MztKXvZygQCABFAAFR7yVAADYG+mYOiIhswKgCfgBQwMpxJfLZGitp74AYAHpi3wAAAQEICpoJHgAeulLZSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS93ZWJwDQpDb250ZW50LUxlbmd0aDogNTE0MTANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDhhODdiMGI5MmUyNTEwNmMzMjliMDZhZjIwNWQwM2ZlMGMxMzQ0MTYNCg0K"} 02555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145427199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385145427199,"pkt":"nLbQ0+MztKXvZygQCABFAAXU7yZAADYG9eIOiIhswKgCfgBQwMpxJfP2Gitp74AQAHr0DwAAAQEICpoJHgAeulLZUklGRsrIAABXRUJQVlA4IL7IAACwgwKdASqyAToCPm0ukkckIiGoKnYMwQANiWNs4jJjEcRbUIq4meIOWNjdqsESz8mAKOq361AtvR7TyuOV\/FV+nu87n88t7L\/y+wvnw+sX\/mdCD\/3\/RT9Gzq4ehu9bb9w8kHll+e9cv5x9n\/s\/8T+6\/+L+Zr9RyV9nP\/f\/sPUr+gfkP+N\/i\/yV+gP+H\/5PDX9i\/rv\/N6hf51\/YP91\/gf3j+PH9Ltt+h\/4\/\/f\/1PsKe\/H3v\/q\/5X8ofjU+\/\/9X+09ZP3T\/W\/+j3BP6f\/c\/+d\/gPc\/\/veKD+d\/4v7f\/AX\/VP8R\/7v9b7wX+P\/9v95\/v\/XH+v\/6P\/4f6v4Hf6J\/e\/+5\/i\/9R78n\/\/94\/7k\/\/P3kf2u\/+aAeCI79ZBcTyL6FXzyW9028ZWAO9Y8tIvqAIrZhjGagOgbNZzx4a6g3tw
V75qnqJ5twB\/xSo9lyhWqAukiBEUGyCjsjBRJTgwuYIYsVFniixVPbFltIkOLqUYdE93iFQWbjfQ7rIyOY3O5mgQ2g1BiHiZ9bXVyF0IzVT9VXeN907YTxHk6r5NzA3ch1aLti4lm405dFkbfhla6HiLq7w41FEOShUP3PJLBCrZnBsm0qQk35PgdMzn956e1LpfIDX0FJREMP+uxg3d994VFpfGq86cjUxtVSP\/VQnXBg+DocX7W4D0RyIXgbm8uQ4IzIF2H1sjFucXdojor47tUm9O7eXpNRair3WOKxEZWb\/iXb2Gdx8LFruVjwxae5wQ8X64uRyQlGCU\/MsLFg09o9l7MyDVDZdrr7hCHFleRA42vaN+i4ay+M2WgHNNilmF4lQlpD\/1Da8lz9y5OpfD5ZCskMypGVzwVXUzSXXPcH1xSjpIRnUOSRLgsSqw+WqdbS7avhXOERtYG+yagD03SLlu\/BR\/ZfU\/3gPUWeJZe7VCByIU4208cLe6TVBR15KafU9Q\/xj5lUs9JNPZyUkF56E+AJuZNQBJnlS1a9fO6Diuf3dw3IKITFUh0AdSeLQqpBmoaOhbagSyTYLzhnNCjxfodnJuIkBQlanUOuHTOD+gs05PVNpU3DHxUIfcFt1gasaZ3w1i7zAZSZ63LdYyL9U2tEDVq9IaI2kL0JUh4JlWYuaXYZlW4pCma\/Fdw\/FL\/jAwnb\/BebCkumQFYP1viY59L1oZu5uBXUXUFkbOOnSUg7MPEnnqZjZfMpX0LF0EK4VWYlPgy+y44jS0OUPRSTYo+1AE\/OT+KFCu4C7y\/0unbMhKRion5VmX+5nuPa3a6IcVtwHpZhpAMBfyTfobyM\/iO\/I77R0vOLjKqAf\/fU6WFG4HV+7sPQY02hCYWp+K0qNzoA68F73HIvfAF03DsfxXnu2yp6t2N0K1eVD7O6DfnUmItqYh3PyLZPd5Q\/FLPxQ2pHJVZC4+JG3pg3Dku0is9oPVCW0EgFqU1QhLG95w0MhoSdR370ILv+yujpCB6gPCExiI4GyrfuzXCHzq6CvQmxoFDHDNmRcmg549qdQpED\/RtK9yoBkpxaQ9X\/7hWB5LDO7ZW5tTeh+5UctrqABpjMUqSP997gQPvkdf8NCjy1lYMvVGbDisirszrLGlJOgO3iwZJ0o2P8WQGmUI7PzSPM5Vu4xYpdQj7L372UKH7ioIJNWGWBaj7O3PoZW0hC6TyDtX5M9DRfs8Y61gVLbj287hc1o5LglFp9sXTiZ5OCimSuIzhhbFCbW9ZN2CPHmUCgr\/jteFqfBjH8xDTm01ggd7scl60snvryXBjlpgXsATeRhvUkemJliJ28laLpSLWqqBShAH527w2WjK\/rZ45PZOBjOOIh39ANRjmTK2EMsRJJtZOA8PZ5a\/rb2q1VS8gz50Lm8EcvkppQ6mj6ubw+11r8Mf\/N+U41JXiGxtOmSVZ3lt8bBEKNl8"} 
11590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":4,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145428273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":8706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":8706,"pkt_l4_len":8672,"thread_ts_usec":1654385145428273,"pkt":"nLbQ0+MztKXvZygQCABFACH07ydAADYG2cEOiIhswKgCfgBQwMpxJfmWGitp74AQAHp8AQAAAQEICpoJHgAeulLZ9DdqhXzrgeb2bcU2Np82iyUZvst76pxGH9KSewtmcufT\/zsCxPmMnaCAXSu+ILZE3nm2HsTrhdV2tfnfb5b2dGk9M6S+9M0mN5fQjglo4dyoRX9uGv\/0ui7fXJmDrW6KyWevaFw1UPZlZxagGZsq\/d3pXloJTSd+e3LbTOhiSRWc7cojWObvEyjug0HW+weeRTaLTXojZ99pRSpGvoJaPyGQKLixbqb3cOlLd7XQcG4bYL4QIkhOW3yFVJap87x948ClwxoW0Ais8wUP2DmjCo4x8k7PkzkRmyTxY+X29yl2q49XkcjSODUFvanaQmYqS\/\/TOxmlW93llVrovSsRgYBoieNh6UXH5Ab8yEdYQg+S9bCtxdsq5h7ZqpYzKXtI75zQLw4nUEwjNoXAkqF3\/hNiLnvHnGg8mogC2aDV51NyUZcFd\/HxawRIs3lMdq3NEZoPPiIGnQMGM+\/Fc45tHC+ANLGY8xDiUFAbrXhRGdfS5Tuf4cLNRTMoVQ8Wx+jPj9d1LElJVQJYIG2CIyTrunSkOvPCfmLZVnJxqUOmNKTjO7HxE80ZqlDaaG7kYKXmK3OZ7dc8+Dfi2qKMV7htubh+bt+dv7TFE5rwe70WBfrky4iP23dMJ51GMayqBsaKj4a5vE3DvP5+U5AbU2HZIL7VQcEfVzkGV33PzVY\/NrA2NTkIoe39tzQYEkvgjgCl0ROmZ1Xn0+SZa\/\/+zBTyejFDNhHX9Kpooba3ulptcCwuQfNeCpeAtdF\/MZnRzeWAHSkIAJNIPzRpCCJXNFeIimW3XyfyE2d7ma5Tp6kuW58Nca2AH9YsL\/\/\/NhTcP\/\/5CEZ\/p8MmLGn3\/wxQaKBMhttegMOUYdFDrTWS2nFe6mCaxtIYqv5nVrrVnpzowN7O8UkkSRHIsdhCUxE4dO5pK7\/iQZnHuwRi\/izVAmnyyQJ6kicrPR4tW+5Tz1rlSNriCR2E4MKxsExB3G6ABDHkrCKN+jvaJeSk9s8P+J7FLclN9RW61fzoNo408h\/9lu9dgMyTOn3y5sZ2g2yXnNavR5KfLrT1K8XaMQwSHpVSRbjG2fOXYtDclmwRsIpZqWjNpIp3EYJ7\/ZSvh6LZuKDZorRAA4Noi4El0Opnt3UFDw7MXY7G+k\/irKzZCisW6yOJ+hey2zrgv7E67OJB\/teGNxknClJ0En2zxd5qq71QXsDcIgUWkx+inT7ekCVi8D+WN88uYBf\/+xvJLYwN1b3RI7jVC0YC16dY34zDKRksGg8wSULv60kStFu6NMAfCYqCr83qJX6ik5ZgC3nU9GApx12Fer1hLqkN4zkWnA6m6hry3wlQxUhUo6IWmqCe+NrFvqOlYj7JmTgyatqATosVBeiyKehxjos+LY6oTmAZxwMY0KB6o1xPhAq5tyD02nZIhS79FD
p076sSJju+kKw364fN9srqFhGTZ5n8fp9N1dWZI4KfF33\/r3Lp\/ysI2ecy\/ZUBEwlGvEQKxKgebE\/RU9JmCyiET8256GRcjssl7pCpuKwLiRbLxgzYmxHjf4R1atZtLG1aV0\/+BFudUbpB02NHCbUGD4VU8e+bgkbPKENDDV3XVNlRr7Km4sjuksCCXlgy58kmT6F6STtsSZUB1IC9mwWRRR5xta1n2Cg4ILeycGo9Lmw1HlzEUi\/TpaHrNYF3tZ60Kb2Nn+Y1ZDmc7s8toxbvWQ4o5Z8GNRHQWso6oql5Os\/u6N6H8waPcqBGNdy8nKLQ8ENoAKXSE7MjOEsXg335YEIOsxD0avalKqVxqy5yGLWEari9c9n\/37uF9C62rZ6HdSkPEKt8hTAjKHnA7boLiCfEuw\/0YIAYhUVbegalegcOW+RgEoX16zE6SmJE5dQx9yRfA31iPJc3HBdmcC60oowUz6Qq\/HaiWexYH8LjJ4F90H2byID1BfHkTNLW5Gj4MMxHR3wPawrGS002kqHjunV+mwFiFG6D505\/3TZ2rr7D94uIhk4mzC1lhmaVJN5N8BpWqvfq8gj8boVByh1tz\/bjXPidLm9ekLvZPedUOF7AzEr6KhRP\/6lqfmquPbJeXeCvN6Ka59i8RgZpEKoto6dcxe5gudz+IdOaF2ehEG5eMvU1FqiDRejZo70tRG5OYy+4vUxe22Rs9hn8a\/4ZcCG5QJjSaTg19oE3bMUFoXBXkdox3bq2RGzqysZxmI0TKJnyE1c8JVMINsZW5q2sb0VGh+W3AI3t\/S0yn6kJUGk7XHeaA\/TELye57U8gLkDaxwiGaAZe+dCkBiWK9moz9r5pPDj5yXWrnnv6xDSgT8RzKIn8Oa6y2W2KrBM6QXdm36nOlTQakJwOT4Bxrj2xdaUaGz\/oL7VQvBsOAr0X+PYs1KjeZGQz0vWMB3jyqnjweemESegCtUrEc6Nc\/R\/gwTTnWRAiHGv92Ipr\/TecdGzxQAOXM9PMMjM41JoktQk47uu\/xb0q\/vuL+VEWT6CTF0155CBLtSbcuIn4ABIjeSHyXJKsS98TE4FHJLmNr0sGnD3PLVSp89ho4QBjVZT3MgL5+P2AN+DR45jLNWmYMISENNnPmbcckEUUk12YRXl7XzqwmXWPeNblYQcBvlwtcZqaYwCCcHdk9uWm2tTb\/+Phm+Z6DPupaC8I925vkLqcGdgGfvWRJWgD4FFLA\/np4Ls\/f6+e+3\/TqPFQtTqJlVb6S\/cvLgxFb4dpwuEf6ubGVLyY83FIGtu87idnxU1cDyhL\/AqoOfdnHwbnMF3ODmXvmorO6uncKzqV1x3DDKMez23\/kgT1avSCEvZJcWINZhznQcc12zGoDauTrWn9grMhtnsFSxUIAdopwSYgd360mGZ66Nla80SqY0UxLwJQFAf9XyPw1XtAm4uhgLs+hJBHzGq\/1WZTUDcXzxryyjj0oJVCVIA8Iq6jtK0xJ3+VjRkq2uXaFS9nzseW4udb6tXQGjMBa5IafDUWWPW5ILSLwSXfR+3LsLal5D7b+HzBwBiUoVo2LE8uiTAgCSwFrmS5S6skLU1FBj5Lrt74+CV+vYRdE3vkbE\/+5B64HHBNETeXFy9uuAQAbRyZQFjd0NrJs\/IcOpnnFSdB9p2RfdZ5bWuiEwEx8WbXlcmjOtgpVQftZZyCEEapTorD5iXcqAmR68c7h4cuDPLraMwCuNu2ImWlSC3v52Lj3YipkucoXMmzHG6pY9A1fbGM+17YUabPEreadnxgRF9pJWyxe2ndQCnZKAIYmlC1rBJWA1uCMBaulg+VynIya8agJ70YU+eL5HB3qlUB2muiLKJrHV4TZ94a+MObqpS3ZhQ7Z2x3Zv45Ei6NJULdH29e30R0TGV1sNSZ6QXFw2YJCxb39q0QHedkY8NM2eDN16EHl6MZ1JKryQEO+K4KftmrRJCz3hXeI0
KzdFaVhkIUDzT2KGWAjNWbbQLkx3s9AkInIS2NH1+BTneaITU+3iRbCKGoHHLbBlM5C4R5qo50ryxJMfxs7HxFMOIpZugdYCOFOph\/5Kg6sx5UTS+vesXqP2K3xgWCKp+Fcw2vJxtInNKqYZMdiW+hYLiKdBEP8Iq0JrWmLUb8HyRVE68TVQXO2WJ91ZhCbNHL0xUxZ6fWtEVOJl6bDEOwhNOGhi0AXmIfVYYmyrboWffbgcq2lKLq9y+9NXOWeWsXq8EUhEiYbQKmfX\/9dRigHnun4zLndDJu5zSsmeUVaEbvndeVBa6x6ViYQ+\/j7Jv+ay10+UThYxTVk6bMzS4\/e9cIDuGNl\/tlXw\/VByVAehnwexjLIDbqLe0o\/ulBoBezacS+bVJVl\/qcPnLzTmv\/t1pYavc1wJcUbGEACUWFEVd66gcvbSIdXdJZOzujiIL5qwGlpC2\/Oos+lm4QZ4NlZJXjpu2eOvYSeLy7nYdhkW6OxMWH7gg1QsBShJstuq7\/Cv8rGarQQzR5wkYwkDSAgi7jmw6xmRmIh9nSSBvkN7IOpLRNm6CG5dtwPK5wsVdFChzMQ1Xe5qnCDjgH23V\/6dkEWKRStOmkDV+W6OurIWWrx2k11YGrfacRwguGKLeaAoqqsz5ZhI3gMuvFdR8WTQTeUFZxsszJYQJNd2T+YFD+YW9jI9AwRcJNQd93GvwNE\/JfT2pK\/SfxNW6tiPAeMgtrUgGD6D\/YVblcqw1K9WfOg5jwRedzlZsnPFG6r6Qi4YoS\/lEReRppLzgGvRuH\/4ZXDP2vhwLSxRkxCiYjEUFExWFfUZ1sdPNuIib1ZQNCm3Y3sMauzt+\/SrZ7y0XfnKQeU+awL6Iri+LoC7xLq\/9KRzIJRAC\/vtua3wR1O8vVQQv3uWcYYo\/1Ao5CSjiN5ykZV2fUBr2j5jotYtC3X8zNX2w6fzQ+aVEVFUutbiJxyMIGC2M9ANZlIpBo4j2yF1W\/dCjo+AJqC33VmRHNMNkhhqbM8jT9j8cGZ4x2LCjbrVdB68RxIUG\/q6NjKpgwNTIsg4+Etuml2iGNYFlrQziEpTUpBsp35CrIo8saFaDPSTdh0bz8TQ9ixgDVRy1rVx+BsfNJHg8r\/5OEURg3s2pCcmpHzANy5\/Rxyl\/FUSgXMUURZfX6mKKJGU41ga+luJEQP6dyHLc5SD2hd7XCkSwcAbvOeVHsjvbtoDiul62usu7eFulvXcMJXXnru97Ylb99dA6gmPA2M0Eb7nRyFnQ2OMzvOXtEixYFG\/Vmc0gT5ptQQCuXj7\/\/2sBc+4Nu1pNIx9lCv\/CnCqPlaVzfM299fwfZPsBbbCWAvsr+bNYIqX0Z+TfZYc+7ywmxuqmkL7yWq77e8LVdE9x6tNI\/b4gIfyUh6Aqoj+yA4YY8r+aCv6j1vA86n53X1AB+ANDsTfsWgdZf6Q7uXQrjpVMzg5Ge7eX7nDQ\/OoMWWpm8ZEERwErEYbmQP2PBIOJbnjjNYH\/5dX9467ZFofW+09t8V2PzqqZalKFKifLsRxYT\/kx7PsGR1\/1GS6vhdYMGR5lJqOR+al20MyJVE94VibiQiNKAblcEH72nM6yRC6jLt+AAAP7+nIHQ4TvBQO5QsM2AYtm+xFdEtR8IHjtpDaudXn6qIv2GBEbDQzXvbM+w72XEU0cjieT2RBwht5qI3Kj4CQIBYzwtoyRaWkT+AhIKz5g5UK7mfOuFHaMQB5417L8ANTcfxwTRzOf\/kOROzFgf0o72IDtTTGEoyyRFE8vt8R5fTrVHX6G+Dc+ntpSpJE\/Mv9aFI8H4ATG7dyYWOfleMi3jdnXPA8tmM4j\/1PgrDiWJpr+0jbM5Ror1xpDPJ4zU9BPhHTJtuQZXon4kFCewvspH74AyPScJkqdXIZnutmw5HQbYlNv9lbrCRueSwGJcomQO\/K96pabDBP6EAJVmK0fzO5njAufMkVRhmGo
LSLnwwTG2okKXL+UQKYSKxiJWXMyJJCRTzTaPKsWjQid6bsUIrWSeFqBIy6L6WvivabOZyEeE+fdTSN+pKTKhfJfFEPOanZsJliwU5pUKtCIsP3C7L4+8YN7rERn\/l8yNSm+jVmWC3C9kHw7WWLY\/AdqyQGkwk6lEjuUmFDwTQS\/hBGRf5A5ko0QreI1kXR7VLG\/HsDuOoNVJMjYyBwpzCx1GCTBGTuDCUD1R6RlEoi+yTIYDan4SBSXrMufimN5ceAFvifftn8WTGJ8TOILB8B2\/PwAGZPvTCLOAtIOFOKaypgoQ9Y8mZ6VJ7OaPQI6jW4ANKGl9QwhqNXZNAwX6z5b\/eUl3sQ6Y37z9LA8UgCAL8DRVF0WJyMSqKo5y7tfj7BXzWKaS7kLzzlLCXF3tpsedOzFQjvGFoD0CMB8s6BjY\/sGox4yhw+A6dZtlsmT5CaR4VfmhEAyLtbb5kxwM\/IZW6FMmo\/DxpSd\/FKucAf+CQg9RWPZiL6YFODCNgMCtkdUym5ywC5aFBzDH1CUtx1MIzvfCeb3n9GDanC32aGGnh3ulLEheKuesv2H8\/vPogn39HthzLT0RIc2sPDczyjhxLZlv3qodpTy1hw0DmMKSvrTb77l0tmH24mtYHSsG6\/KMVUMlJXcZeVFQ6tYzEZZLnazq8\/hIaRQv9tGDw27SZDyFkuN83OsYEcUSioSd5K235YXbELuhAHFC1EWAh80JkgkTJ4yngWucqcFSx3TQivnsC5HEFqDsgK+NR2o0rjT36E3S8QnctiZQXB63HHuI7AV+Yh1F0asEwt9UhGF2QmKFYlCveT\/6aZJRKUodaybeXv+i+z5BqK4H3feywIQFW7qDsUsBJV4tugXIrowNqN81hZq3sLfFl3e2SS8gfGYtP7nPp7723Qey\/p3JQ0CJWFgngYhJol\/642C0jtHowfLJoe\/kHOYdngOQcnXLsvsxUPH\/RIrqzJxIf9exyj+q+C2XA2gKL5secOyW+f3JDK8wv++nacvtygi5iKjRdzEYQVEqJ9Xsgu7KAjboK54lS2WyHzvKh6fc3tFNvbnqUWKQaVBsG4qeSA9S0oHw9DtmGk50e4NZzAF1PlsawVUKqxuGeZzqeNfe7Na6LCPki6UMMJZZcW2TFHn+Ezx0SBWPxVMMmvG0A\/C12hINJn6c4Q\/81clOJcTbPVXj2Hw1MU0NiSt54VcEEtArthNBv5\/yThuZsICblftuYiIWa3G6UX3SHDc41HQXHXnQ8mBo7VkZ76XZ9jtoZdNn+94eLZyfFbgedbBaKaWa7mmCe8iMB0qEMIuE7fmx8aT2DYMW2EG1IFRH47aSxIAXIYT0\/nXzQmr0A09KBnmusmRV171NyeRPLR7jYhbQ0K3OAKNTZEpgQKQb\/d0PgxPq03gHpX8ehCNQ87WzffHvfxY+JkCfMxNp9KMuoOdCeq57x1PngVoJcar+B4OKlbtSQBdU28f5VIZKeD1Nf2y3QB05h+aQnrIXqiIt00sLD5lBrDRrpHenFyM6+Xq7Qboibx62gfBsMCflXqCBvt65W+wZrI4VvmkJiedFUCJwh4STZH1RUrJs8OsNNddojXi8F1eMl2QOJCAcq8Q\/DK4bACwHuY8ze2mxfObKbhksPu2dYeyihmCAGCpxRT3aDku5pXAsRWn\/dkwY4\/oTIno5pJBjkQFfZzT32+0EEmi\/w1HUiRqoPADoLHgXUdJKylGMhovyATxwpCLE7f50fPnRwWEeSfTT9TpD\/9ODK4aUOxv4xIvksWsnA7oCtCZ3sjeEXpMYTcMY8ZzQWLU45CrilMMzhPTfmZcsEstYGXHK1gL3ILIS6Gcuh9CF1J4CWzPa2qORnwC\/8RPXQ6kBpKS1UnDFgy7T9HQtaQl2VlhTgGyVjb42TLPE3+fLqbK846j6hsIkLSngyUrPCmu7c9me0HaQrqgHfmQF4UUApaMwv\/GgJJl+cx7ev
cl8\/rhyqcXij\/QdCEAXLZlHixw5r9wA57K3t\/Yo+eKOs0r9AS\/H7Fh7\/s9C4m+qFYoSi7kDZY0zsl0X2QgvcwD2UKRGLyQOeiGSa4ZKid6N8XaYo5kB7EMG8xqbpSgkQcECPZp7k2Zy567DyktrRUpmJEh6JT34D3OxSZQM6SaN+0z7DDioguybNJ40pEZ3jiBMF+gJ8URBJ\/ftVAQlbgbCjaO0T7LRs8F1mpvun4QaMBvg49UuxN7gveG2a7wWEaZ+Fj5pzcz1sPD0fONU6knhWAjvdEgRkW8vAvDIAB35s2SJNOHHQ67roic4IITKETTypxwD+IS3dcJrkb7atKxqveIbuU7270B35Ck31KLvgOqGoLIHLhflQSOfy5XqvOaP\/2Xkb8BpAJnGai5F2\/A8PiGnPQebyqTms4xMNSazjWyqBCXTV4pND\/+FrIfwEjs9\/KKYJLkrqhznLQPIEC8Qi\/j9nITVtHlZ197ZtLCu0Sp38d+HgT\/otqmudSVFjR6eSkrcj9DD+am54fzh\/L0km6eVJdgG58nLSrVwtDFEPiuG2HIhU112qeDSfZ9pdGc5TzsOhHkw9I+KvUzF22N+cBQdaL2bBj8TTyVTGx7p+0XVAe0PmFWpOdWSI6nNBZn6ov2GwU0Cp1u+wjkjVWWmtUJ3ZDoBrZsX0soHKnsR6FmoG1k12pf08gLi+P2yZzyjnY2Sh4mGCbqftWUN3jy4D\/fldGHVsHxbbjMO3f2AcMAnKMEMajJY69TFi\/aoANZ2rzyvmxQ7vwkn1NZCBgelEw0Aqs80jI\/Td748QJhEiBZjJrR\/ia+uMExEP4Sn3\/6WJk77NEm+E9E+NJWu9kJN5uIOeR6rnkxB9gcUQ1Wit89oYqlq5P\/i1vhq++SgcQoQysIRSzVnuHDOhYzvGl2SELWowCwiUcUid3jAf\/QktjEElj9gdYrlOy\/60Mkq49au2GwJn0aX2ls9B5SJtI1yFsHQwl8ojPGnMjnqbWEFlqhjKeR8JHXk2CfjlLyUw7OdbggGGmqvJ+cBoUOq1Yqaz925JPQnd3BJd8D0wFQVYpA4nANOcwbX4\/5lLCMnSXbYh1131K1UIUWZ5csMgOaPUE2R3XgkyF\/i\/sFRRKFr2wsXW2ktx5h103+qNvPB3aYJ3JNbWpfE7KVm38Dn4DuXsRycfALFM1KdNh+CBt+sgwow5wm3d8ZvbjdkbpuX7IgjPTxea0NZUnoZ4vku3VQ57C+O4ykGOuZWpu7koeu2EUtECHc1nN6rAvRY7q05hvXAHDubrpmgVt36NaHwe\/b7cC1kd1TIKGmy5qCC2JPN\/n9yICoSAw5WILuy926qKr+8tWzPxUGwrWvLz8G+T8cLwaQu\/JNzpAd\/YpuCvedUB3AU3MDsi81QJyMLyFchRV5BA0\/IJNV3tzKviPlUGsxSsn9s7LCazpA+5zU9uVH\/RUsDT6o92NfA+5E5njVIwhy+1TLqo7W5pNXJlgJ34UqsvihEbjSfQXUDPEHNZx0xjbthoMlgu6LLtrC1JvPCRTWoqspNArUDmywElGa6wA6U7yAQKSI+1+n6EIdkOrrn4TcG1yOkGN2CPsLvThz+qa+YLsHA9BlYs9ryT7A8jsKt\/shl0yCvLHe0qpV2E+jT0+Dc8xe4pDCrj6dnS0VaELO0gG5RPYC7WuiaNk9wJnV\/FgbkbucJyleUdaEGuv7+A7Q2c0CgaoRytHFXokhn2LEyHEXEM\/gudHUbBQhkQckW8xVn0P9RmrR3AGibbLz5g3Rx2S43FJotVtYTxqCbZbHnb6ENymJVHebdEynA1jQTGefZHIaAoTtxUv3Jtbo0cCgEqlo012Ovr\/VZqOwlqjJO56Iz6KhqRcsjNZlfNFo7H2DCMRaiW6H1YssRggF3YoXxzIqAAmsFPm0Tz9DfIlzQWp6LU31+sDbUUdJAl4UILnzN6mSMQ+1BByzNdfCPMZ1
8bqDv\/geXLDG8XIBpLcxF4d12EVboIA\/KsmyH1ThpQ4KWjKusc83uwUmk+MBRHV78mQd3QmyNcakjHJgaBGB\/P7SLuMVvhbWweXPvvAWdU8oVbbkamh5URqTSoxDDAu0sl\/43gDoXHPdEoLQb9NM7RbStJNkVIb9Ue7puG\/+buhrX\/cKz0OEYSU38\/SZihqwdenQvnXvJjLhdBat9WU\/AuYGmDm3zL762yKkK7b7wZ6C2useRGls0VbuizoKECiaFT+0QLoWS5TQEpHH5ZbWoZG8nwEYxKwLFymczzAl9yPaILkrQ3MFUxq9fF5yQnAHFDF6BWvOznLHlVjlBIqBL7k5VyeXCI8U+abzQ8\/I3QqEvfPGzbqYyY3Ra4UiTdeJ1E6poOvhe7rnTCGYJZEm1QsCF1fGcqhjt8CW1M88EI\/Nd8bXqUfeAEWsgDr9T3RlkVa6S+2cfXvMxazx3NgCCippvkBntLeyWN4Rsbfa2dGWH6p\/sIRyETdfFPghNPUJmS+WLYqEvsKhf4zeAZdqHp\/O42WhF3Mwfw2xv9F792Jqx7EbJaWZ+rHDjn2RvOUHEM3Sf0P6sI4R8mY\/c+s+l5vJPArja9m+S0Kdyf2iVG1AcOgJp12QyNE92NcsCzLUZcGF0pwslb6eVJq\/v2PTJC20heGuZy+xjI+J\/ovtZFw08StZx5CsCaEt\/LS4IBNXHTNTtGlhIwm7ZpRZd3Szy11BsOpygejjgJB9BKhAOGlvr7crq2wU5n\/MYmkn\/vhe+nOvYyNJhSHpNk3u+YqNBrFLA3WNuXZEoyZEJDnWe+ziiEE31ORKWJBXje+d8OPXj078xfPDLtoOPOQQrblpn2hUwm6CMGdkbGdMQp+DMP\/sFyi1jmSckihewhcC7Nv79YBsEc2Iv60Cu2MRICWJbJ6MXo7T2pLcDsA\/x46g9w+C+xF6dOZoL1QI3UnS05c6dJR\/mccvDP2lJVZ66QU\/ctV3FCFdxg3WcLpfSgTvUnENyw0q9i73\/01kbo8JWDzgL4\/X8U+Dd3ZRgdS29t5Q14z6lRQH0wAoI+57UXSqcIbgmUS0UGnN+zSmLOYP6CEq5fmULxvzU7GoaenmjQiHwBGes8Vg8TZ5A+IuiXNNUfpF+1yXh+B6jN4\/NQExo7KrMOiGdQTkCtXa1yUL60uEM3yACkJaV8GohN7qKR\/f8yOP\/6xWFKKWN86EGYm0S\/Mw7BexrZN82HD08LjRdze2QAa2OLCzPpkhuOvEIiYxhltucp5qxmH+\/yLZfc2tvcmRlXbi85KJcR\/umGPwsYesV\/WwY\/KSwJMm5ogF6ielDgCcOEawwPUXuuphcq4bxQpsq7pTQ3Lqo1g\/7nKS2+V\/0bOeSq9OYq73tHtNqPEVRoOXrbg8MwJUiA3cjizABC5kBvu0QjZxP8XZ3kP0fCZTnh++sO7Mjzxk\/VE0mqmBNJllb+mJx8yyxlXUs2Cdh65wxgZC5NDg8Xk1DxjMpil0VNYT5n5WNUPhEMjNZDdSiaOyQlV6ha7sk8DdnGBvC2qu0+kAunwlNI7UwuyQYN44="} 
04466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":5,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145429022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385145429022,"pkt":"nLbQ0+MztKXvZygQCABFAAt07y1AADYG8DsOiIhswKgCfgBQwMpxJhtWGitp74AQAHplgQAAAQEICpoJHgAeulLZben9v\/bq6yon6JTLP5FkmDkorQFkjd2G0AuPjcRgr18sMUsmEUUMIgYcYLjYwMkQ9eWWg0MzvVB+uD3GSG\/T9WV5s5rCeMUZvIs9DsPsQgLAJ2jjU8LlBanK9b56JomwJCvHOV9K4luR2JRZd4yRaLCosJj2FkhJNvELyC9ROgvCpXfrh56UQNjFJbqK20FOWYq\/v58hegfztcN6fmbiLEWHg4n1oVnZVijUvGMmKEMFcEQKsaoFWXLYziP0FGVYAAFn4a4eueJartDnEe4jv8Ft6mRjp\/EE4CKvj8p9AXFhFmTUX\/TD0HQTaUtz+OpZCHyhZgKzI1+NJWBeJX4v8d0IHUKQvftUwzEnhRUVpZKn7iCY4P0ighqsHd3kxLvYepV+Zkl0v4jMrpisZsoDfbGJfsDKn3cuCJBaecJdYetaFdvPDlaZcJTN9UNfBjAKfRJtstusILV5codiV418oVD9umjahWBEcjFkSvyTtcnyA0gEXdUiKugIJlepqROsKmBXpEf0OjSlcgkspRAELS+GXt6xg2WhU7nIvc\/rs8LgSu+OJJNBQ300ltgVaqu1Famu\/G4yepbPdpTiAaeZoe7zg5n\/z\/mtCgFwlyCa74ETFz+qOp43nSEXH8FX1LStuQqH6Q3F\/ZtB602dukn5i+S4RwR3TDdny9LDDEOCNcLOZbIe8J3VCSrfogMdOL5UVQapfiemOZsonpUIGLTHoWCmbWR+W5nwRPRavFkm+DP4OzdEHkjmC5jMBDLkZ\/byUAwkwBoUyF0SGp\/KaH4Yh+U8DEiALA1xJfflCFoLurZMqgEsC+cuZSOaD0H7f\/xLq34BGCR4GpSwU3KWFL6yqQoie2oDPz9nVDJ\/rk\/M3sKGV+qR\/n+zoBhc8taRM9Sc+aaQuh7M8RijdSoQCWZ2wA2JbGWgxOdIpYHpBzTKMr\/R4jJRMrzj7m79F8n9hlieBUTsvbZjfpgtixTK09PT7\/SHxOgKmohndJMdlbFyoG6aQd1Y0+T1GlzEENo0dtsGrfznr0b2R+0V5zmuFmELVrBrmEDegUa3K2+agtIm7yGvY3S2WbCCX1JI+2jSuumZY32b+m1\/PA\/CIbTd5ly7aup7PIfst6KNnBdAop8pJGtF7hzO30YVJqgRdcl5heWfSWRZOfegxS54gn4erhlNcKhLazq54Yy\/Dq+vPi4Sy0xTwbSqEmyvji8kc\/Saqb+NtY\/IDNGmj6w26PYH2UKxeDgbx7FOf9w0hRaxiOGUnnd+3Fptv5W3z4Bcjqy9AgR3xo+ed0mkNK1ANErSEzXoahdq94QJFeaFD9HcpkcZM1RVM6H1zqRSkd6K5HVFy7Ii\/kGd7FTdurUsF1Sc06BLzGEXRomTjbak6n2hBjPF2h7MPY8qp6kmAouN3bkwWeLuce\/AvpR
ayjHKpAuIApk71+PdV0aTa13enshGCt2rUwJ1SyDQQixHiMSZ2EyEzJxfw3GC2a8v2uP5oG3dFxWXy1FFn0wr+JRQrifVzPWWbD5lWUp3mrgXrdVsrMqHpRT2P\/U3xfP3UCMOcw2Zd3kFWvk2KqXTqLj2vqSfy3AV\/to\/jykBfr6fe0kIH8s0wkZcBLpBUf0FGztqiAiTmB3XwjefEPzVvYkfQL0XhcXHGWW2MyHJYSWutSknUPRFGxNC4KKSwUw6YCYSfM1Q7WvWO7WzQVywSR1oWGsEw\/26bMPftkLzGGUdEjxRIcru2b\/9e6wECzukgIcwHDhq8UozQg1WaVh6Bubm0jdeQlqhdVoANjwHAg6nG\/y462N3c8JJqIspgJDAdJjaQsy3CNDpLQaTyGknU6NO5oTux5kDFVkgWyfaWZBua+8icNGc+9OWBN2m4nfW12Mgbc0Diyn6a4OR3QI6uJF9O28AVihuWCBuMmoXyuywbFhuSs2kxt4y9eEbyK3MEkQmQYeFl7MbEO4kCsHdfEt2xXaXAY\/rFU6PSWIaNK1agNzSoQiF7+jeFFtp\/v76058Pg6Y1YuedLaaTmyBQVDkQ1wmcoXcTD9VBgkovLv1Nw8AJHr1yz6XjkfBePidmQNzRXawhxL+jYoxjpJHHEAmQ8hzkeL6LZ+LUPXcD1nMbRb6WUxlYnL4AQeQFVkAPUfBoNCkcRcE9veQXIcjLwkBtoAeSy\/wK3OZS73vESSlakWqK0P7bsQwjOVUkdDQtyPIOzLr83nWK+kG9lLpJJVaZmuGSlicsuKSW3UVgOwYHTgGL0LqC9v8+N3ky54qsRfDAfSrjN\/sKDjHMYwmZ+4gh7KwvCSIqfvQKwwLBsWTQN0QuHRr3FUwODQB1h08Lmkan5qM37FF5YCGjKSkUn5r0TJ4jCJgfP1m\/8851fKWS7T0ahPOv1jTngYgeN8N4sisDKu7Ks4awnfeECOYSUer5JGvuwEgfevfGesBlmfdQQevPe96bmkqL1u4AcLE+Amvz\/PEsNssZft8ai2WkGX5J7ZIKS8eUC9fgLKdm8yH9U9eWVFVw2p+U0rW7XTWs7M\/4HOrC90XYC\/Dkudt+RvjyemxYv5aXiFIjajgghwAUMMccAoaZkKz2ubxV1mLV65I5GK8RDbs9CgnUsKwfGV3khv74W8yF2Lqo5LQlDBbZkN6VmtG0KRckGB5LE4dBCfcdxlnaa1NpO7vxJ6KY8fhCB\/9pDhDjNQIE49r9x39vD+AlrIbhr8nVtCGCWGL0eV6r197mIMgs7UkQJcCbjo80OhvChZFRnFB+Mc0Kmscfw4YH\/yZdU0lAH8m0AmD3ShxfGNi7PZNP1tjByk2zXhrUmO75wl9tkMPf0X0TqGs0sVl4WB3B2eY7EtyAf2f+Yd+JQjNl3X8VQaEOEPTiGSIFhfkOH\/XG0oK107G9lDfMtUT5N\/oDQRBL43bO6VgTiKPL+CBE7QN29y+GeYW\/iMG\/S6KqyH0Hd16h4uqF6s1yDKEtm0OqeeA2VXB4jCFb0l306FamJb6\/JvO5rN0wKQkua7H2t06dkBBgDJo6H00MHrmCitAudnEYpYPnT9brC\/ynQy3aRgf6UtFP9ddv3SaSBRlEQ8\/4DooLlBUsYHSgcs6m9OMxiXvwy\/it+M7ZVPttviF1NfL7ZuXt6fpf53JzLU8QYVXsNI69OoaL1ZWKugOKVjkKoIBRJ8Wt4QFQfaoU2CVuCOxtLThhcPpR\/aWg5gR7iT1L5+mDVze\/8c0QlMSEkYUk9S2GniAbi6HZHPKW4qFVRHyOq6N1u\/E46Lv+fN1pRFgmfzgYm\/v\/O+WjatzmbJh9Yh3t9UINl0GOHUzF5fEnUvMW1yBKkgnr856IjSgiFZyFbWE\/c5q9XlEomQoRI0aTdkv2ur3DyrxmW6BJzFIUtMUamSMiutYlUeNTzzqiTL4mw7THEaMvPQKfL775O
6JvHlJtNeM9tBhAgYBcDBHZmEsZL\/YypKd6elbwG5MlIF\/fPHB\/UVZMKuOybAZnk3QPQlu8CE3kFgLSoFjF5nd9eP5eZP9hNGuIHo16MROg5DHbhUxv9w\/+cllKN1M3RgSQGgcOhRU+I6uyDYPd4oAB8zc\/Mj0zFflvoKHbOTdVnI2Q0YW6u0MthRQEX\/QpCLD4ISFWFAPKW98b813\/nszgL1oIztPSrIN0gpUz9ejqv\/WR6mXgz6m0ka\/PrP33BgyFlUj4E46YAf8eouVc2D6C6Rtbk93pXQOhsFJKwgGy+slYnPfLGWkwtOaeyBRVBUoEOJyV2VnbHtvhx\/4GpofXalV5NYp5d1aGqTOSYC5zQ5zILPnosq6SNXGCLDfP+1FoqWDdb\/+Z6QhOSQQaP9Phpjq\/H88wKeYdcAtDNJMDQHdon5cK6sY\/Qe7qkpZ5N+NGVi1k"} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1348,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146253018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146253018,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146253018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_usec":1654385146253018,"pkt":"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"} 
-01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146253018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146253018,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/aec00b1dbdf678ee8d2b89df3fdbd059.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146253018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146253018,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/aec00b1dbdf678ee8d2b89df3fdbd059.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1350,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146263001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146263001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146263001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_usec":1654385146263001,"pkt":"tKXvZygQnLbQ0+MzCABFAAI2wylAAEAGG37AqAJ+DoiIbMDaAFBc\/ojalzQeJIAYAfZcQwAAAQEICh66VuyaCSFBR0VUIC9tYW5nYS1oYW50L2ltYWdlcy9wcm9qZWN0L2NhcnRvb25zL2IwNTdmNWNkOGZlMDEzZDIyOTliNTdmMTRmYWE1ZmE5LmpwZyBIVFRQLzEuMQ0KSG9zdDogaGtibi5jb250ZW50LjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2Nlc
HQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} -01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1350,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146263001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146263001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/b057f5cd8fe013d2299b57f14faa5fa9.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1350,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146263001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146263001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/b057f5cd8fe013d2299b57f14faa5fa9.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1351,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146276743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276743,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1351,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146276743,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_usec":1654385146276743,"pkt":"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"} 
-01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1351,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146276743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276743,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1351,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146276743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276743,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1352,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146276790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276790,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146276790,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_usec":1654385146276790,"pkt":"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"} 
-01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146276790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276790,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01390{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146276790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276790,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1353,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146284849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146284849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146284849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_usec":1654385146284849,"pkt":"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"} 
-01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1353,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146284849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146284849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01390{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1353,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146284849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146284849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00935{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146458654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_usec":1654385146458654,"pkt":"nLbQ0+MztKXvZygQCABFAAFR8fdAADYG95QOiIhswKgCfgBQwNwlgdAMRlWmyoAYAHrh2AAAAQEICpoJIgUeulbiSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogNDU0MjYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDhjZTAyMDA1YjJiYjVmYzc5Nzk1NTc1NmIwM2EzMTk2OTI2ZTc5OTYNCg0K"} 02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146460775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146460775,"pkt":"nLbQ0+MztKXvZygQCABFAAXU8fhAADYG8xAOiIhswKgCfgBQwNwlgdEpRlWmyoAQAHoGUwAAAQEICpoJIgUeulbi\/9j\/4AAQSkZJRgABAQAAAQABAAD\/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL\/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL\/wgARCAI6AbIDASIAAhEBAxEB\/8QAGwAAAgMBAQEAAAAAAAAAAAAAAAMBAgQFBgf\/xAAaAQADAQEBAQAAAAAAAAAAAAAAAQIDBAUG\/9oADAMBAAIQAxAAAAH20E27BKcXAViJSJBAEhBIEEgQTAAAAASAAAAAAAAAEBIQABEwAAAAyCYGXpdICAoRFNwtkoAAADMSVVpqBeaXSmYkJglIAAAAAAAAiQIAAACQAAAAAAAImAAAgAABsACAAi1YGypYShsBVi2AAJAAJku6gAIJgVgl
BICAAAAAAAAAAgAAAcgCAAAAAAAAgAZEwAAwCBkTAAAXiRKCQIiasYAkAAq1B1ciQkiUiQCQBAAAAAABHBH348TWtPcnj9iXpIw7lmTAEkASEBIAEEBMEDkiQAGETA4JhhEwNkrvMyAKKMAraoOxAJQSXF5kmJICQBSRIAAAQArL5Z36Hy8UrVkpqnoEMlN24W0\/TdLxXUM\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\/cnWFc3cuLjdXXLha9EVOLVtTFchtdlbVcqHLWKq52JSM0rpWk1y2ZpjEtM5iQUQKG6c8g8iWgAAAKlqp2AaAEAAVVaYqqyiay9I3lWnm4Y35dF6Y85kG\/V1nZ7D7LaNvJ1IkmIlI9QzKHP6GbU7vlalCmMzFWOe51pbldoty\/PRz8nrZRY1dKm1Nc2rM3MQsvS9LjMCGpAAiRFCwnIQKaTWXF8T875PN9BzFzu6eZuWxOc59mY9nzek7Z5Pf62Xsehg6OO+jdzdTjUp81mi12p05QmtHQvzFHouj571riMHUiJ8L6LozpfMs6ueuO\/RRyZ6KL14WuSvTjpztX0XOhLRXuBkRMBJEgRMIAAirKjOb0M0JDVO4OpiNGYiZglr5mPwnXHtfEev5\/ZHFZW+uXa9X8899ydeyVsmk78yrO3l4TKizC12uvRaRl6VHrOVO5SOrWrSedn043vszp6EMqhvltiTjdHL3bZt\/bqW52up1zUUWiLAABEgAAAhvmonZbkXjLqP4PoODsrMmzeWjuyfhnx7fI9f4\/ezkJ9r5O4zd\/hQV73fxup5fdptTJtz8HteD9h1PoRJVM3YcBHpb5daxVj6VVVGHFaTqwdA6cet2ZnUwQ2Y5ufqomNbsuvTNkRZKbiE9FkXBgAokoFgAXz+qJebyeiwxlye4\/NehpQ96Oz05uW3ksvs\/"} 06391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":4,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146460775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4386,"pkt_l4_len":4352,"thread_ts_usec":1654385146460775,"pkt":"nLbQ0+MztKXvZygQCABFABEU8ftAADYG580OiIhswKgCfgBQwNwlgeIJRlWmyoAQAHprIQAAAQEICpoJIgUeulbizvWh8Wahdkv8Z7aPNX45iLkQMYD9w59o+4fE6tPJWMm\/Sk9LjM\/Tr8eLtEnW9Mqg30PSVZfDL3Ac\/Sbt2n\/pR+MdJiAQCCYmdsBz9ke4fc\/Rn9dvbMYOoTbdt5pZBzKfDL1ppTY1AErZ6oz7ouCXrARrtqoLP4xU4RNqgTaRFYNMcA2Y0+MByCYPt49\/n2Hh+jM7TmZjTUNuuoP1H\/NV0OOj3ctDpL7G0+hO\/wDiitts2YI0yZdfple4bxwQ7o6QWQ9ZmZyFOG+DQe3OPu4x7DwPiHugMJlhKpfSF0+Sp3C2lht1H6A6Ku0csmY4HpMAxwWNfWATGIZvzD0IaMYDhmjjKeQPaevDcfsfv2ni\/HM5q5a6sPbdmOJRbynuHbX1A4BofPCv4WHbWo2TExkeC3bPnUO5IDlCcxetYtXf7CMhZuIO9YO37GfcBLblpnMVoRMTaJbS2bO2tai
1Fnjl\/R0uHqr+lcPZictmYDAtIY343J8WtVINzvjciATmU1tU6PFOD+7rLN2\/lyt96M2wK2RD4XAh7oF3H+32zMTImrsBtXpNLa5cnaNwEzCJZ3T1HVf5tOpFVpr\/AI1jpzFpbcvDmIDumbIzBErbfLTOZtpF67qX3QDrqa25TaVxf\/H21suwzUJ2008tKu6tvx8zFVF\/PWw4XzwHQKMfcPaC2Xz1sCcy3SsG09XKrtnaeG6epaz+VfjM\/wCPROx0yrsn7W3HE7uF9nMsp\/HaOmoZ7BoEyFwVmevK2wLiX\/NBmEZBbKoCpA69vN0ibKH6tFEB3N9k8b7ipYZg8sMpWY5IffMjOr19Oklr\/wAmkrsYjoPGi1QSBtvEb6ompVuF1mxcYSj4XrZYoQFa0ARRgRgS8xNQIp2tCJX1UNsir3DVpFbcsCReh+5qa+ZVnBPj+qeX8BWA19PqbgqyNoKmC+qabY6fECAZdTti4mJ3QpvmoZqaqVnXmV9IPkRFHE63uRw6y7raRlK7JjcNpQq6iPYRWhBlXRPgrO9krO5AcjxPP2LHCKdbiPrgi1WLamGE3YCRANx6tNStL1aTn23V6eu1NRpW0eohM9PtcwdYmceI\/j1S0V0UHdpH+ak5c4WthYuODpvQ1sAihEPQGzdd\/wAjLtatsTtsFle2almerTtEfMCmwtYqH6bkTzPHvPQWWcx1yScYps5TjrCqrPMHRVlt61136yrVpdqXtHp2s5DX1fzJdQ+nslbPp7NPfXqlQOI3RbbVrGrsbUP6W2\/08\/HzavVK3ap6rkt4kA8NXfmH42fJ13L4gac3EKK8NREp27stZMIsArgxNxE3wEe505inRCW0chRGRrXQcmuDpH6K7hR6hZqb9XZXyWmm0ovGh9Qre7V0pfXbQ9XDwa\/UtQkp17ak6mg6isrkekoaqTGY7f8AktTuqPeHcT+Ss59Uu1I2f1XrXYO2txhlOTNxEGJucSvrYbCZyGaClBFRVi7TNghSB8Tz7tRWbE\/iYgrTT1GfGL0lluwtky6kamkqRKaUezU6jncNJrHvQVrydX6cqx6bKuHpzf5JOaFoW3VUDbe3Sx\/CHsxvR1IlWpSww1iOFC\/pPiFLQKF4MgcWI1RBWybXSb8lb+0c541dk5\/ZsBC3ETzCuZ1Q+7V\/Eagla3xAnW23lwdsxhutbeoV8ongcy7Gmo0uvt0sXVV6xtgCXaSl739MpRuXujV\/Q07i26z58l2dqrFao9SsOjK2DmLGd4h5rchCK6kWbpjiyhlevay3FZ2WBV2tX4hA5vLIhO6I2wzzB2t7CcBjmLiyohlI1J5Wju5PqGMS3LaUOttIVSllZpulDim4ksxOBjkem067U0ynXF6v\/a0MNFamop9T1d270MHn0pkwjpYsRtyuIKzm2uLSFZcgjbYF457pZXzAy4mGQ127mTxLEBYZSFQ4xKm4MMgHI43nM1j8vT6H\/wCvfpYOlvqymrX1W\/yNLScPom\/j6w5x6tXlOO3edZaLdR+j9P0wT0v\/AEfqLf5PplPJ0gGONglR2tZ+NVyu36mPqFeYp8qRMtNwj9IDkSysWBkKFBiJ4j\/ETGyMN65weFfx4\/I+pfi9OO70+3w\/5fWknot22z4P6uDXatgsD1b0r8ewjIstNonp\/wDobaP5XrWn+pdxtOInVrT2oMIMqzAll8w1AzBQB4sKYgsEDAllDh02CvxCMhG3BWyH+mWg8ReNzba1GJrO7T+kNG66eyeqru0lVnI1tvy1tfO9N9Jt5miaa2vleo+\/0450LVrXNIu1eN1m5kXYK13NwIyFgPErMdZaAVDAcLBlKuNqlbQ3X5IpgOVg4291v9HTmVenvyvUMQ9U1vX06346d+f6cnz0JNGu0er5uh1N3Ps9x6D0q3KajolA2pCwUWWNZFXEA6r7PM5azqIWMDZHBycNAcA+K+Nw6xTkv230fj9jHvcbaq\/l
6kh03qW8OVHbqj\/8a\/w9FfdpC61LrU5fqZbA9xIALlz6VVL1zBZgFm4BMwjEEHAuBBaGm9iu5uT3YUsyCBs8N55rflxkK2R4YeI0sXYVPdb+XT\/D2NNR8avn\/wCQU5r9Mu5ukB+rrzy9Mfj6G31vUx\/mW3NfY3xU5X2ZxNpc7Qi+kIw0uzE3RUJgQDgbf8mbwITzChVVLhXRzgBsZeEsF7HL5gtyh2GqpTwBw5Pch6Q+bhmtT32dXVdq+w\/K78aD6mqoGp0unubSaro09YVmqByNLf8AxrHsax4eorPtxw0ejFgAgbfFQLxsfl1\/IUvvrxullg2tYSVgEwJtE2xq+vUHkgD5uOgjH6mcxTiZidbIPyV\/k47xwP5GG5UA5s9c0vJ1fputFcsRbV2PU\/s+Nvt09XOvQTUW5lS49msbMHip9jM+wZzBFEHAcSMxlinqI7ba\/wCtYDV7Cqc0CUcB+er48Hm0cCuTOWMz1DS\/y9IRgi1zHdrG9lo6Kdy+z05ctY21KxuvTxw8TfvtI68VMXiPY5gXbA3bYeYT5p+I\/Db86R0lY3PxQ5htwfd63o+TqK\/c3hTsb2elt32fGhe8eOGobFY6N59mcRGgPATMzGbaMssWoGcquOoS29drV+AMD5WqNqypdt\/BupLbLd1ZiEke3VaddVp3rai73EStsjj6Y+NZ+tMO3je+69hB4Iz7B5DlYpBhYrOaMkF4EUSzbtFnbHGZZ3UUdSegor4LfnUEZgOeDfO35RPf61ot6L4eK2fY\/R\/iQcjgxauyr1Cu8ULtXgzbFx08gcCPYpyABBAIODCKSIp6E93\/AA04VC0DAxnVA79\/8oKgIcRx0cbjtaZwfcRka7S\/wtXGXEV+No7fIRsHgy5GkTfq08cNfqEpSfuZ4GfuIYIJgNNrCEnbacuDhhujDAz9Pdy6a9zlTuOrUhiMhTldG5LwtiYDQ6ioEn6kz147+Gv0o1emHBkikrA4MYZUTErbj6fWDrBwJInqlnM1dGoNcVhYs88D4dxWmekWyB1nNWCzMPUAABh0rOUfy3hl3pWdkTovN7tQNjBXIpqNS4gbBbO04BrqWrg+pPOFymrmAQscAdV8T1jT8nV8CmYVIgYjh+op3Celj6446jR06karR2aQ1W8p85Wq1bUhltYsqq0fKnSdOCBYDPAHRYrEOXXe+coSsJBgIdn+ZAtRVCCAlp2vP3leGruKwSuuZCzqYqwDHD1Srm6BT7CojADhiKdpnpQgPsIyNZ6VKnNehrZqm02s5zM3t8T9raRN4KeapjtKh\/buiupjNteeJ4gyGmnfmafVEmwdGDdFXgvjj6noRprB4mJy5y5tAnQzERpptT\/FejU13AH26nR1apT6Uam6IvDMHEdYCZmVefC5zWMiNgvtm2Y6YmDObFw0LdOaZvMyZVitNZXkDLSuu5iNUsr+pB7NdTz9GPHFmxAu4gYjLngjZnWt6PVWWU6mu4b\/AG26RXllT1TdK\/kOHmcmzdyLDNpE8TIzjAn79wGD0M2wDrvEAxMqTfQ9UVrXFeoKx7bLJRaLa9wm4RnMBfOrr5Or4eIE9jpwzkQZU6PWalouoQwPN8yOJ0tLvZSxsGnsMGnUQDAIfLPcsW1LYRtYriDcsBU8fM8e\/cZmdI65l\/8AowcjBiKXbT1rW24ykLN6bjnd6smWz9h046fTcyBOhEztiaiyLqliXKZv6czC1LtTgQDCuZlxHRbRloOBGYM44kTwcEz4zM8TM6cM4mo6aQEEIpsKYrVchj3TZtC1hdd\/bX1c3Sj7LJKNHt4eA3SGfFQO1h1TeFHbKtQrjImeF1btBqLEO5bI3X2Do\/xbgDMQdsxNsYZ4Z4fu\/uRNLWAFUCwdEHXxZZ3M+0OLFj+L05WomfsU34i9IDiGKMn52QrkgYhqV4qKBy5tmXd1a9JzFsmzYNxYfrgPNg+pM8A3AeYRmFTw3dFm4MwUYU9XxMbD
8oMAX5OoHnq59Vp2uJiBiJ599Gp2zOYZjAqXrsm3riDgTiYg6aiYmJj2Lhnf8hEzMwDdMzzPB481hKKeYrUBXGRMkxuvF1AiqCp09gfnIBq7HuoxwxOqwP76dQa4m1h+qxhcQ4UG2K2YSFhyTkswGLt+9h044hXtlfSxj3RuAbh4nzHUTOeDSjUCuq3UFw9zhP1iMYOofq7vD1RtM0s07OhXDzEAj0tWckTePdRqGpNTpcmPYsI7eYEgJBfxQvTExwUQzHXGTMTbmMs\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\/M1ddXKTEUZMEMxxZFddb6e2nnple\/WK2\/U+oXrZq+OhXl08HBK1Wbw1UrfuhaE5a0CxdNa8Fk3iZzxbgeB7lUMp5gm6YDT8ZZgYOkdulU1DG28hgKEa2AYmRM4FCZboJ+gMFfZjMxjhjomlXTlyatOepDlYHBmnTmaio4s428yrUaewOLqy0Fm5SOmYW62nl2rrK7OCDi122yZ4eITsgtDTsldzUMCHXlrCqCNYFFmpDAU7oK1nxXBYDCxhuGoTltnedrFa9OWTlqJtOBiYxFhOfZZUlyar0ZljKVM9KG5pW+9eDoHUhtPbXctgsrO5MWjlyyoAModSuDpdQXbdOsus5de7mLW5wH3QbsKygWIWXmbZvlhG3S6nlTuZH1RjNuNFXVfx\/t9xm7co6LX8HUOK9O4sZtkrbKpjGcWWec59mZmbxnV3mmvUMtyWaYiaCz+PVFbaQdw4OgdeXynV7EVnrJrbfXHXa16ZOjXlzf3WqFh769Tp9grOXSnAa0gjOd3dbVunJMHpzSrRV1l7FrFm13xBYyselZOUDsJvVoF3TxA2"} 
@@ -1044,26 +1044,26 @@ 02260{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1469,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385147560064,"flow_dst_last_pkt_time":1654385147928387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":113644,"midstream":1,"thread_ts_usec":1654385147928387,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":96206.9,"max":899707,"stddev":188732.5,"var":35619966976.0,"ent":3.0,"data": [205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478]},"pktlen": {"min":337,"avg":3651.9,"max":18772,"stddev":4182.9,"var":17496908.0,"ent":4.3,"data": [566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1],"entropies": 
[5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01120{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"thread_ts_usec":1654385156800184,"pkt":"tKXvZygQnLbQ0+MzCABFAAHb3B5AAEAG2pzAqAJ+rNkSYq1QAFBdWbpPyM9cBIAYAfaELwAAAQEICmU8LGE7CqI\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"} -01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile 
Safari\/537.36","detected_os":"Android 11"}}} +01451{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832164,"pkt":"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\/\/2t6iC1wgDecM5+OHuvGanVsbq6UldXq958aM\/C0VDd1R5vyWTlLhw6oztzFoTTTuip7LXoj0Z+350Rf20teiy6t6R\/Zk\/C8WyqPeYmq1pn8UIlP\/sj4rjOT23izuaTYWfjr\/\/5n5Xt0fhhEvrBbOU8cFe2+6PpfOKuHIbWhEweVjbns2A0mRb\/Z+Xs08639cPQdodTd33fcYez0AvdSXtlc0zswF0vF0v\/89fG\/+C4BjohZjRYwgZrmaUOa3cl+qQ98hTrLSn23aE\/C7qPzmjotlcNHYY2d9vkyioUrhdtnlxaLBa6RUxF1KGY5uxh7I68lRPrxrVnRcf1wqH7aTIau5NZ6E67eekP7bh7uqXb2iOAjpjm5mRCHorjyWg2wlqfniCNl48SOfRWSAf6dm3aRdpRMTay0O3k4Il5pYxoHXFf\/f7IIv1zmHiYn+hZJ3omJ5vPtTX2m\/0+dfve2hr+zX5jNYsWrjveaKKKqYgh3ikULDZFtokjQlS019bs4hGZBaaJf8WQ7cUsmIzuVnYnE6hK2SbD4Wi2AnB1eFsrvAuAi7pDTJuoiNya7iZnTHTw7GFgjaCDypQ+ZL6oyr2i6UPzcaF7BP\/+MuV5E732RLeH837fNO1ohjAZB2Vfi+m5HYXOSmkVMnVtxK3rhT4zc3DB0kib1u6YpDgd98OZqhRhWMQ0oJOOAB3mcE3nqnSte51VsrbmroTDlWHXM4dtz3QIBbkL4HbfijLrRsctFFjXAyjq0p6vqgGW9DTNmrikB8jlmd5VcL1wIEtcFIfjQjOKO60jtOyud+Vct3HcHcu0VFvr4POqaa2tqaRrEXWoO\/qjPRp6oT+fEKuPa0i\/m4Qz8cyWmbXQ2haCBcoxGEHtAFfnGisyjd3WX4gIxQkBNByo2rt370o6\/Q796TqkyCfM0drKm5upPX6jFEg="} 
02470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832624,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaIAAHsGmjas2RJiwKgCfgBQrVDIz2cYXVm79oAQAQVnbAAAAQEICjsKomxlPCxhBD2AVIoQ9JAQ9DghsJcRAl\/vYRNoLvC7pbbP4e4wzRva7Rf74XT29KSyB5P1+gpURecaOC5mGHThH2ve7LUh44DrNWxc+pQ\/FKd64BJHJAMZaPu6oBs6q58J\/VCFpotCdKgwe4MoJX5BSAG\/TBIN+5m1SgEaj46X84uDtTWfdqCrsl+qftouvIEY4N7rBjAm9oHx66cnvpo5QHwECGQZiA7jIz7o4gH6TT\/TBASEiXw0Hsf6ur5a0ihBkEdg910ykeWfDN5EYEkhULKeBOHzI7RdjYBRHCQLJOhtVECVwAezhGCjU5gsy1dtjvLqssLZigGCgBE6r+4aTThyjfDtj6pbodWla6F1\/2k9bHypmmA97hI7SK0ksUr7bFIk4gXLNiZBYtmOBZmBYVMRr6ePYcXCnxLjGslGl9oIckDPpZRk9zhRXVvj9L\/XiQW7flKa64Mqj7JRT+v2QRhHEt7TYHGbilJYKRQC3WJURu9rWhtSxyAA9WijY0BzIBBUch1TJgjvmA2BA6Sm478dC8HcF8LuxBxf+bRIDyRL6OEEpw8e6S+wDZM\/cgr7GDrtvo7rsT3W6QoFWjJoTxaLpd\/XDcjARYKFbLiTQOMXIwEkICl+22fTCwQPF+8qzav1YU6nHZ6Ok7tqsu8dwQr6fNb11M5IDypcdPqUCIhO800SnkP0VVvIgqSQ0B8XMfWacoaAkEfC4i\/0IN6vsRN6\/SxtCSG56gopwExr3Cxa0h1QgQFmjK6n5BBQ7+xoO4J1zzNB5eLtc9HQUj2dgEKj6RwOiwVUKjq5ZOiLznKkz1nEklkUZSimHxbD6TE5foUmJ5KVIS0nGRKttTVaCeRZJIA5TwKT7z6wfQySb\/nFbbq\/49r++wodK2rhHOzSKlYKdkFZGcynM2oosNwVrHQFssaWOyoHWfLsnbr+7v04v929cAKVCfV3ZTZ6TaNkZeL68z5qqvfjiTudInGITRUFRWGGfnf2f1lYtfOEVScWVm0upq46lKrZTER1uIjqFInjQCKk5KSz2ui3sviWFFRRjY9pvWe6kqDqcTHTkwRVO3418DWuTSortIJMeRPLg9TqJaRWucL4Cwqrriy9crk1eF5ujSbPjtRWJsqCGEs3GLVHG+RSO5ZLHWBwDjCiJIOjZRGGDjfjLmL5RIgt8JzcrYH8iQ7YVDy1QTy1O6IQsB4bTUu51SXFQesZcZDWzktyO8FLldrJGvPFM5+lp+Uxa5k8Zqf2oziSJkssF6p4oQgFk+WWCj2\/VC6KKyyLojEpJNJ6rbQA9ku2NsbF5IxL6fUrymalKrQPPrIlRm1rfKQ8X0xkvFgHZ2NwdA\/+A4SL98qsxF5ZmvgBEZ3MphfhLHil0Y8JWHO+SWmBMhzXgOYfybIX71wxy8+A3KslnT2GMMgnYLCCf8ZLCll48NZD7
gpLCS3\/V8BVYXlbVwH8xkRDSCzvTG\/x7Bgn7tgls1exQkZUxeiopqLw4pSsld5ZQCor1bLRaJQbrbeyrfuUDH03ZU6yR3PgOnTScc6f0NopSAdIGh2LjtBaM9BUWgCSqFvv3r0zDc2GFzFCJzG82PNi2ZaGw7Y0fpZL5dISkIyJc4bz9k9NOgNLVAWMaz12LrBNyVuBW\/dsra2sKHw4auktCBZ29xdgeQRbYeqlyGG7YV+1NuwIN4rTuTVlVZVAdmvjrjAHSpMNMG3FxmX78thiSkJSilC8VWYttAT40y3xBf2vtKXHdNAWrfFxcfa+bK4zEyU6zTgHbsYAum7gq7FhU18JhD3OzbODCod2f+68ZlgSerx2FyC5AwAIA3ydLYvSO\/TkkKiFXXD1EhRBUhDtDXqmw\/cEPZMOMN51DCNizlM8QBdBMcRWAfJ+HHtjydr4w8GzD+sgP8lUMao="} 02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":4,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156833955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156833955,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaMAAHsGmjWs2RJiwKgCfgBQrVDIz2yiXVm79oAYAQUqYQAAAQEICjsKomxlPCxhRGOWlBMPc8NAU6L0AwXb0xP1hbpNb5QnvHhi14QH7hpA5J0epCNAI3FD6VpnsrglBBzqahPzg4fcrfNXbgrfEbonfkeun55U+msWCvcE1LU7Yio2c8X7OQ+d5X4k+j0B5ep3RiVLjpfR4ocOAYEuhKUB4nGsBURKil10712buRM+PclvqoI1KAUsL0tsAmoUL6HFIPRQdutoJDJyRc5EVtem3kT4dzXrVQepXcBf9GZiP6CftumvxXxrNunGKz5t5cF84x9XP6Y\/7knp+i8Vn86u\/+pqUdKbDToayA7i7UI\/SNaAYv02Kc7c6Qw3+yNRFjGRREinrCl0ixySgNb2ie2qO0RX1shg3FFg0KncbzO5dzF3f5aX+V0m8x5m9vMy\/135ezrze8z8az7Krfvvmbo\/YPa\/VVp5uX\/cl0qZAvu0QInmj91Gdoi5sbbh67vw+xZ+9+D3Hfy+h18Ffj\/A79\/hdx9+sVp43IbHK3xee\/tO+fv1hn6YxlxuL+gQc4uonNQR5FsxNlvSJyv5KZYIIsInUFEXMhTdWeuUqK+b+9aJvfE8E90f0FNKD2D5s8eOM3r0zA31h\/OXpv7YgT\/FvzSOTR4ogVeQW\/z\/uhMsyRlkcqIEZJoe6l5iDcF7EL8zR0Cg6R8Jy2mIL6DHjMlk6u4PZyom6wbQAVo4N0vAs0AXRFVlkY8Vi15ZFvyuY6pGnRArOKwAfhZ3Qdh3sQY7cg+xF\/rHJZ4x5K3VXTfa5J3VNdq4iSZ2iY8It0ER86E4JLehjxJ+hFgc9+ZTd7Lpg0aiAZ9QlHiT+ZjEqx6RF6uL8BeIJ6URJ+lOZTbnmQIQ+efojFAB7f20ZDzZ7f0+KCc5FXx+ZQUDMs6WjsF0Sjgtb0u+PhE2g8zL5DjJygQcVSwGRWsTnTme2hTD0TuGevusrXFvANaijt4+uqsT6hXgRl4BlrluiE
kGUb2LfK+d36QdkMnmDJYic6iNBnCWN4CXe+1Eg1w3OqW3ptNx1tep9oL9t9P9Rx6hO7z\/zr+z\/+ckMX3QlaxwR7EuZxZxsF+oy\/JXwrZpvue4xHdi7ghYb5klrfMNsBko3BfquxyDjbasUqLm9UfoBMRhtFHR0E5lXdWrjHQxtwGc+AiMZcAAsyKcQpDI6T7+FIAw9OgDLPg+aoXv3pVxtVtXarBW0d6+rT75795Vrzs+JvlrRg3Syk+9d+\/q150epPXW6kAe7CsP1EmzXwgKfqG36EPrPZiK6V1IPaBEN1zt0SZTd6Xc7setQ719Xi\/03+nQHEA1WDehZvTpIdivAmQlvFd97FWhB6pLpLTfjEARBgxa6G\/yDh9cXXcucT5li4nFNguBmmmSSHeZXr6Sewvfoek4scAoLP8RHjmw2vSx+ZXwLQzm7DIWYgU1f61K4grIJlTy6Ke8Hb4Me8PRHXQJIFKvrrhDe+QA8q6Q2Qq2hM4Pfa0jANBbUMyJGWCp0xGGD1tdN9CqaKvAKAL4qVfRS4b+Ym\/qVeaWs46+7S5nPJbq4lx7AGmtU6+umijlWaoH4F8rV0tPiCuajh+gpKUGb9\/W14xW+clH91X9G5HNRTjirzAVX6kMF\/tfKZtb2zu7e+8\/7B98PDw6Pvn0+fTs\/MvXi2\/fL4llg4DqB+FNrz8Yjsa\/JtPZ\/Pbu\/uF3yShXqrV6o9lSYrqB3ltKYcME5lrYgD\/rP036t0j\/KtdUzK+9sxN+kejgZhNY+SDox1VpnS\/UlcyRnKxkB35ZYKDu+9Ei\/orbEwAl+guAXOD+Ax1pymFWUJ\/YD1q3LCHe2pbuWGn51KIKp5XEkLDfd33Sp16AkyE8IB1y0feaWrm+MKc9hn+EyhcRaU1WtPUwc5lAtTINRvO+g6b7yPvPdVZgJQcrw9Fw3R2MZw8rkek="} 04399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":5,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156833955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385156833955,"pkt":"nLbQ0+MztKXvZygQCABFAAtIHaQAAHsGlKqs2RJiwKgCfgBQrVDIz3IsXVm79oAYAQWNnAAAAQEICjsKomxlPCxhbdFxZOtbON3F7zmWQqZFsW6xYbpW7pGQ2Ik4cygk4XCudROvnPDyfZ+YiXoWW8OR9r83Gf12EaqgcrlWF6iMdf1kWu3I1EKK28ATtjFtiesi1Pi43Ra7Uvpzzt7ucD5w+RfQlWFpRD3zrZgNQEcsk3aljX7M250E1CyQ5qy4YEAL0oEZkjgeff8tKaKMYYVTxj6I1l1dVWnDa2XqKBAVCi2hCKWLJDHFZkd+BmTSo\/hAqN89ma6Eg8GcDhulcOxbWRrrDZ+Ff6H+uHarS+tvau1nJ3XNXG8lZhXlSvgLyZosZvUsCV7cMRHdiGOHRSEqrK1lOg\/qe8JLVui11Pm2b+kDSyi63sR1f7sqTN7VNXDsYWaFw7QVb1LQ4AescOwzd4UMYyivHLnTKfFdetJq9JI\/\/nNf0Taxzw1NMVTGElQ4ppMUphsSphtpTI9r+mXJil1EK23cWLKRPmUQInF4hWh
suyjh7h3XPqH95JKGmCguZ4ht2DYvC3gSDsOZi+uAtCPdkokcYr7b6ISdM9Ps\/IslfFchS2LbO6bkoqffCe97Ip9jCYGEFL+AnMdXOPqdpUVToAltbNDKb6cLDYDIKtujBLlQlDbUblqLheTFH4FsGhMec2Z1LFMy0cytthUdlWMTF6\/iu3gVcyDQ5wykiMmLMidxdMmwKAQZCoBMzFgrleeJ9kpjGfpDqtQghP1AoR90\/w4xbe79bVJcicYbd5t3JqFETalrFgrOJZDlhHm8g6KbaMJmTXSyS54RUGNtLaAH7iJNOGpxJohpgo7EZIQUZ6ODs5PjyNLE31Ucz0QeR4Z+08lrS9R+LpOv1+BnF5dQ\/Mqqoxz53sqzZZJigNbJIigOxZsrUgwLpLiJ1jmQtLcyzgtCLafYRHUu6x2al4ClBvgPtBpOlNuqRAtKbZvS0oAarVk+nY3E1vCkJjRt0YYX+naqUR3Prjw6MRo7SFqcTly\/C\/W7wBuGFLR48jWEFe5041pNu32PH+mBXsnE9WBlGsMNX5mK4aYyExK3aBYnjTIu5UrmwKLUgJN5tM4Dz3U1PckfXC1eNS40MADS8BtTXROwzRWIq+nbtDEXm4tcVvSdzHwQ1istSSIIgnSh\/7YyZmOem5giI2mvrpJ0aYAvFN98VfFCpnQJC2+lIas98tO7XRtG3U6srW2eRaJie\/F8sGnFrRinK3K2tyV9XF+VBSWcrJ28eWX1AP5tI8WwNY3t70RryqESBGg79LgLfcJ31BW4+ElnxdZS\/XZgpWynYRVToxKnQpZMhbjmZgER4id6EbT0jFaJHdOlTcUDRNdPUHJc2TL3PgNipvikVwrgGl2xtsZapTyFUdWiTxc\/eouh3ZQNV3ch0TKBs2\/xEzgwIl3IWlYMFktn6L62BrhuwQNUYTE\/GjbZ0WF6twNYTnOuiiKA\/27xTN0kHKw6fMemeN2ujPgfXjlSNj7WArrZdLw4i4dr2eskhswOXfICHeY3x9rvsDMMDxRVAPjYsz6eaPmt9pijEPUUvqLG06enfqRMjmGyx297YrLHsQNj72rMc\/9WJzA6BPAEl1MkxU4AKj4zWkygOQrWCZKTBQeK3wFRu6evBtrCQodMDwb4G72\/YVJWPSidFpl9LZ4tPAwS0Reo2U8TJ1DtO6tQk5dfBpY9B4fDIKAiPjKKrv2B8G8Hrt1jAn8IOvnDypSKvyizCo0AxF7bFKpMkx4ZsdmaYtt5vrydpzom9hV68lt1GI65CEjaf1T9GZKR6B2mmmossKTEavJhNeVQLEoxshjDPLNXkZYVb4A\/ILBkzhLThQ\/LCVG2WpdX63RhGG1HVOuIancsXgdQAX1\/WXcj8S1aJUwpkcwdQE7YabJIMsJDZXiazESLHKxDWJuIppiU7mk0WICho6+64nheRC+tmF46QOqzQDlIE0sxPpqD2vg+ZkdnCbpNZQ+rvR75tbBywix7lC1KsPvmISy1QyaSd+J9eFm\/Kw6Y1rUPsKdFnC5uWCLwaNZNU3WAva0b2rqaKevjlrVwued2Cvp2Y9Jzpry5GwFyqB2GgHZvur3KPl6Rax2kaUfTuKNYaJJ11naH+\/XHNvCIblho23trdVVeJNocs3RSMHh5fmAiEJPT5pm5E+zR5refXzcPv+yyxYbIwuKIRDhisW0GEMlReiNvWXmNFFjfN3V5FFo3SQtQvA9wYO0oC+IGPYvrmCCcUW\/2KOAGue643bScRWtwtbbDCoMWepQM4oBCdtoRmvA+CWTpWyC0UDFbkjaOrQQigowOihGWPrTYdlPiqDK0Ssbj\/gNzYYgOjEKFd0CA9SPAsxO5Y2dLz+gDOEdcY\/xEDYTLTFJQrfrJuspT6q9NUOYT\/oVZCwNUAxM6kDUGSoWn1Ln4iNkcJJODpn+yElaUz4L0gDCue9oj3cLzUaSnpLebUWSAu3vFoy4asyIG0iZAtVRGwLT2e\/YI+g
nVu50l6kzs\/0I1G8dSUwoOrJW2DWK0arPjVJgDljikqlkUVN1uSLEw+8nHdFT7oN90RTpRx6m3HoopvO+M0OzL03ryDE7sA5\/VOvv5GME1SVjFmyTJLifur3k4cacrZIW5yMXWoc1P+yuzUc8dKlzpYDiu0ZARR3j6jPvpRl+oKzhwRlI8SjHl0fjhlPqWuc5e6PadKXPwttwVoGzM+9yjwsQKp47TyOMEwZ2mg4xM9XCb14Yfk7\/GUkS8hcG6pr9gfueaUhwkZ20NKKTHj4uwqDqP8UH05+0Mnu5rYqOs4Hd+qYz6oT8UngHgLlE8MdC696imXPnXpgd\/2p8ZmdLpQWtIgBWBwSso\/4u\/uZzgoksVfmdiJbdjsNNY0cmMBAk4fZYE7Ovq6TMUgBXL\/67pp5bA2i9p5su5AgEYn6E5inpFcN5wbi06X2RStocnMhIpS2PmBKy9r\/lWh8Rqt7J2VpYWwtO5hYaFtoKt\/XQRadvbmFUBQSKvakoeLPWMwl4\/R5jqZxSyNB7aK+OcRZTvQjKn0QACpaR5y6I+tyZarKRwAZj\/GzRKgFXjRgFu8tHfCf61R332MxiQoUM3EgDh6ENAM4QDn\/4Mx\/MZPvTcB98d4lM\/HPbwd+DOaMVjMiEDfJiO5hObtjGbEJvmuaOtsc58zJv10ER\/x+8W88DofPyDiEhhIV2CosbH12BGKJ1mT9ZxnK4jyKnD4PtodsY8cWkxd5w3OGdSI4JekasKc\/oRWGir5Mq4Lli2qnQV0BDKbI\/d0mjS3xRU9hf6m5dR+GMWgz8C2oYJtD2fAGF1nVOXzdWXSR9w+NIyN\/6hXv2j+7dr9CvqXv0DH7rq37iXm9bd0B070QEp8pKS599oFcyvaEMFxiyNFEPUfKergdjL1s1HgOR3zGjZGSE6G3\/NYue604bt6LvdJQW6re1+Od3fHg3GoyEsN+rjrMRsgHp9aK8l4HYUYMClboQd10yLiV23jXxDNMDjZsiaDmcALobPYLoS3fymVg\/QFAF+qrDWvIsCFyprCnWnzhmRoxUUU8n7wjEwoCHPkuThcPmKdG2+Ig\/\/ZEUmVtVhemUe\/vnKPEyvzMPXrUzPBpR2CBAodJHrMAcH\/Yqs\/y6ttwo\/Nq4L5l9vNkLdx3xqtw3\/D2az8bT7NCBhfzZ68mZjrf109Y\/2Bq4K+HyFD09vNA1KuXSLIWDSx6GqEGsERDJkxwj+9ptHuPytQEa27kNa4CaL0RziNkA8ZBBnfK9vWuxhj4koOPZF58Z+YfSsbCrjK0GdKPNnM00NVbkrOkGhbuwsibqxMzTqjHjuh9kAKdPAzkipyQrTh8Kyew=="} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1503,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156962711,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385156962711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156962711,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02042{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385156962711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_usec":1654385156962711,"pkt":"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"} 
-01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1503,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156962711,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385156962711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156962711,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/left.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01333{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1503,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156962711,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385156962711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156962711,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/left.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1505,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156971856,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385156971856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1114,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156971856,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02046{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1505,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385156971856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_usec":1654385156971856,"pkt":"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"} 
-01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1505,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156971856,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385156971856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1114,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156971856,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/like_1.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01335{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1505,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156971856,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385156971856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1114,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156971856,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/like_1.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1506,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385156978849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156978849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1506,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385156978849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1184,"pkt_l4_len":1150,"thread_ts_usec":1654385156978849,"pkt":"tKXvZygQnLbQ0+MzCABFAASS0r1AAEAG8e\/AqAJ+oXUNHcP0AFAuouTn4gYGxIAYAfZ2PQAAAQEICrrGVZyXEVcFR0VUIC9pbWFnZXMvcmVhZHBhZ2VfcmV2aXNpb24vbW9yZV93aGl0ZS5wbmcgSFRUUC8xLjENCkhvc3Q6IG1hbmdhd2ViLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLGltYWdlLyosKi8qO3E9MC44DQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpSZWZlcmVyOiBodHRwOi8vbWFuZ2F3ZWIuMWt4dW4ubW9iaS8NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOQ0KQ29v
a2llOiBfX3FjX3dJZD00NzI7IHBndl9wdmlkPTE1NzkxOTkyODA7IGFjY2Vzc190b2tlbj1udWxsOyBfX2dhZHM9SUQ9ZmMwZjIyZjc4ZDgyZmI0NC0yMmM0OWUxN2E4Y2QwMGMxOlQ9MTY1NDM4NTE0MzpSVD0xNjU0Mzg1MTQzOlM9QUxOSV9NWXFDLU9SNDBUYVFMUEl1N3Zoa1otLVUxdG0tUTsgX2dhPUdBMS4yLjY5NDUyNDUyOC4xNjU0Mzg1MTQyOyBfZ2lkPUdBMS4yLjIwNDk4NjE2MjcuMTY1NDM4NTE0MzsgX2dhdD0xOyBfZ2F0X2d0YWdfVUFfMTU0NzU3OTI5XzU3PTE7IF90dF9lbmFibGVfY29va2llPTE7IF90dHA9ZTg0NjM5YjctOTQwMC00MDZjLTk3ZTEtMDNmOGRhNDgxNWY4OyBpc19zYXZlX2Nvb2tpZT11c0lNdkhreFA0SkRYaGM7IF9jcmVhdGVfZGF0ZT0yMDIyLzYvNDsgbm9uX25hdGl2ZV9kb21haW49aHR0cHM6Ly9ha2VtYW5nYS5vci1mcm5kLmNvbTsgX3ZlcnNpb249djIwMjAwNTA1OyBfZ2VuZXJhbF9zdWJzY3JpYmU9MjsgY2xvdWRvd2xzX3V1aWQ9MzViZjM2ZGYtMGJhZS1lMDkyLWYyYjEtYjczOWY1NmMzZWNkOyBjbG91ZG93bHNfaXNfc3Vic2NyaWJlPTE7IHN1YnNjcmliZV9nZW5lcmFsX3Rva2VuPTM1YmYzNmRmLTBiYWUtZTA5Mi1mMmIxLWI3MzlmNTZjM2VjZDsgbGFzdF91cmw9bnVsbA0KDQo="} -01305{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1506,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385156978849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156978849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/more_white.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; 
sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1506,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385156978849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156978849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/more_white.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1507,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385156997634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156997634,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02042{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1507,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385156997634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1179,"pkt_l4_len":1145,"thread_ts_usec":1654385156997634,"pkt":"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"} 
-01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1507,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385156997634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156997634,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/right.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1507,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385156997634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156997634,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/right.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1508,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157001678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385157001678,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157001678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1185,"pkt_l4_len":1151,"thread_ts_usec":1654385157001678,"pkt":"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"} 
-01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1508,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157001678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385157001678,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/list_default.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1508,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157001678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385157001678,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/list_default.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385157145999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":748,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":748,"pkt_l4_len":714,"thread_ts_usec":1654385157145999,"pkt":"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\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/CDfnXgAAABp0Uk5TAOEQHt3X0s4WI+fFBvPkMNPJq0tAC7VRUC7\/IHCDAAAAsklEQVRYw+3W6wqDMAwF4Fi13nX3y3n\/Bx1dmT\/mYBZSsHK+BziEkiYRIiIiIiLaC3M6Sxx9B1wkBlMBGO6iz3Rwil60XSs441O01T65aESbOcJpIySXvuZctOUHOKV+cm3hZBGSCziVEW2Nf2cboeYSb63N\/rASZhqxmoS5YbVhO1WHvPWGOuS7r1P5jYsZksjkW87rNLbMvBvbSbw0NvrnDnnILInryd98REREREQ\/vAAzzxwTVWsbZwAAAABJRU5ErkJggg=="} 02297{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1510,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":24,"flow_first_seen":1654385140835391,"flow_src_last_pkt_time":1654385156967826,"flow_dst_last_pkt_time":1654385157149701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":434,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":14400,"flow_src_tot_l4_payload_len":6674,"flow_dst_tot_l4_payload_len":81693,"midstream":1,"thread_ts_usec":1654385157149701,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":0,"avg":1046669.2,"max":6045020,"stddev":1981650.1,"var":3926937042944.0,"ent":3.0,"data": [188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377]},"pktlen": {"min":486,"avg":2813.5,"max":14452,"stddev":2993.9,"var":8963654.0,"ent":4.4,"data": [486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1],"entropies": [5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
01729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385157153682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":832,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":832,"pkt_l4_len":798,"thread_ts_usec":1654385157153682,"pkt":"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\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/L9MC0QAAACR0Uk5TAJSpvW0XB\/bWdRD8t6aZi3E3AvPs3s20r6B8d2dTI0U7LisEPmah4wAAAN5JREFUWMPt1MkOglAMheGi3AsOgDhP4NT3f0YhYiQGMcg9iYvzr7rpt2lSYYwxxhhj7C172I4F0nykCrFLuSiei\/sOWhYa9\/JIKxol69S5PNMqDyYHR8eyr89WKUrWtQXIiCv6kxqduJSPdXl5diinC60VDAevon2\/h5JoS+u8szd85BdjrG3tOtO1Ra+VDn6lva+0ksbT+DNucHQGo0MDo\/0bil7kgqITi6InqaDo6RhGZ4KiVwZGzwRFL68w2rN96f0n+iR9aRM2y5HtRUflfNk0ybERxhhjjLG\/7A7dOIR9fLd0dQAAAABJRU5ErkJggg=="} 
@@ -1073,13 +1073,13 @@ 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157186882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":576,"pkt_l4_len":542,"thread_ts_usec":1654385157186882,"pkt":"nLbQ0+MztKXvZygQCABFAAIylDBAADQGPt2hdQ0dwKgCfgBQxACLRcmFq4LjQoAYAPR6KwAAAQEICpcRV9e6xlWzbvw7aAawPVMELTo4l9oXUyfSQao9EpmlQWB5vUp\/AXEBPEbzzwdVge4S8GIhZQN4TwfTVYAOj1wA6cyB\/AAvtbeVgFhLWUwTS0XQFsGFyy7qYBt1tlGbWvABmbwipFtrVgTTGLMi2BgcyK9aM3XCtrmtBLhbJq97te4FdDBoKQdLL9f8ZB7spC4TvHsCCYuiaXLrGdS2iGYQ\/AcQlYFjM0VQqTHtATSJp5plTD+E7ze50uTcvixxhpfLtBrQPqoIEssCqj1KvSRWiJIwxiiEda6DYUahSQeDG8tASlFJiN+bNVCUiEV9uICY4EQ4h5I5DJ7jZRnYnGsqizDD7IlprHB925X7rpbEziY4Vo4oXbQ\/DaBJVtrR5p+TjREy1mMEfU\/uoVFxxuxPPj7eEsc9e5lVBY\/jEOySd5jZXgVkAMVDMWxbK3px1AD2nXrkNoKi8tGu9cyTVDDo97SGkRDWBswOa6+nFvoFCUAkCuGFIhI8bgOIgkFdMqigaT9hhN6njYcbGgjten1FYM6DqC4gRN0h1xVsDT+gpLt+IEwgw5Mu1hFsYpjkuuoITmKMbfLXDzQ\/wJtvtKD6gbDTPQjVE0Swtf\/N7744yEEOcpCDHOQgBznIQQ5ykIMc5CAHOchBDnKQgxzkYBH8DdDO1wSycMqNAAAAAElFTkSuQmCC"} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1516,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385176794071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794071,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385176794071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1654385176794071,"pkt":"tKXvZygQnLbQ0+MzCABFAAED5\/JAAEAGaSDAqAJ+rGl5UpW2AFDAhIjRiFQ344AYAfbp1wAAAQEICvK1uV7Jom0fR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDczMC00OGZkNjU3YWJkNWExZDNlNDVkMDM0MDNkZGNiMDY2My5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} 
-01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1516,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385176794071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794071,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} +01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1516,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385176794071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794071,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385176794172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794172,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385176794172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1654385176794172,"pkt":"tKXvZygQnLbQ0+MzCABFAAEDhyVAAEAGye3AqAJ+rGl5UpWqAFDm5trb+jit4YAYAfbp1wAAAQEICvK1uV7Jom0dR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDc1MC01ODU2NDUzNTNhN2E0NzYxNTc1NWI3NzE0YzYxMTgzNS5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} -01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385176794172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794172,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/40750-585645353a7a47615755b7714c611835.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385176794172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794172,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/40750-585645353a7a47615755b7714c611835.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1518,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385176795709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176795709,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385176795709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1654385176795709,"pkt":"tKXvZygQnLbQ0+MzCABFAAEDkpJAAEAGvoDAqAJ+rGl5UpWsAFD4\/KHAFVJVKoAYAfbp1wAAAQEICvK1uWDJom0fR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDcwMS04ZmE3ZDkxNmM1NWUzMWY5MGZhNTVmNDUwYjcxNjUwNS5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} -01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1518,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385176795709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176795709,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/40701-8fa7d916c55e31f90fa55f450b716505.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1518,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385176795709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176795709,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/40701-8fa7d916c55e31f90fa55f450b716505.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
00984{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385177118137,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_usec":1654385177118137,"pkt":"nLbQ0+MztKXvZygQCABFAAF1WjBAADYGAHGsaXlSwKgCfgBQlbaIVDfjwISJoIAYAOs4SwAAAQEICsmibd\/ytbleSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoxNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDg3MzAzDQpMYXN0LU1vZGlmaWVkOiBTdW4sIDI5IE1heSAyMDIyIDAzOjI3OjU1IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyOTJlODNiLTE1NTA3Ig0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNjoxNiBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0K"} 02560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1520,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":3,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385177118137,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177118137,"pkt":"nLbQ0+MztKXvZygQCABFAAXUWjFAADYG\/BCsaXlSwKgCfgBQlbaIVDkkwISJoIAQAOsFsgAAAQEICsmibd\/ytble\/9j\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkHBgYICwgJCgoKCgoGCAsMCwoMCQoKCv\/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv\/AABEIAeABkAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVV
ZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APgjVdV+IGpeNdTTTtd1OT\/iYShQt3If4z715latCnfmZ4ajObaSOi0zwV+0DrcSLpOm67cMW4EbSsen1ryK+aYKk\/enY7KeExc0rRubK\/Ab9smSMS2nw88XzK33THaTNn8jXGs\/ytys6y+86P7OzBL4GMPwE\/bXkJVfhP44LDsbGcVX9u5Zf+NH7w\/s\/MP+fbIJvgF+24fkf4R+NPqbWerWd5V\/z+X3g8uzD\/n2xY\/2Z\/24rhd0fwk8X\/iJB\/M0\/wC38q\/5+on+zcw\/kf3kkX7K\/wC3VOdsfwk8Xk9vmcfzapef5Sl\/GX4gssx\/8j+9Fgfsj\/t9Bdw+DnjFuP4Nzfyas3n2Uv8A5er8S1luYL7D\/D\/MY\/7Kv7e8QP8AxZTx6cf3LKdv5U\/7cyt\/8vl94\/7OzDrTZm3v7PH7cFqStz8GfiCCOv8AxK7v+grSOcZY9qy+8h4HHL\/l2\/uMq8+C\/wC2LaqWuvhV49QDqW0y7\/wrVZrlvSsvvM3gsb1hL7iinw2\/aqlk8qP4feOGbOCF066OP0qv7UwCX8aP3oSwmLf\/AC7l9zNTT\/gP+2Hf\/wCp+H3i9Af+e6yR\/wDoRFc887yuG9ZfI1jgMa1pTZrWv7Nf7Ygw8nhfX4x3Mt2ygfiWrlnn+WW0maLLsd1gXrb4P\/tRaU+24stVJHUJflz\/AOOk1xTznLpbTf3MpZfjVo4\/idL4f+HH7SdyQh0LWyfe7Kj\/AMeIry6+cZf0q\/mb08vxr3j+KOx0n4QfH3CreaPrKE9N2oqB+r1xf2vQl8E2\/lL\/ACOlYKUfjVvmv8zft\/gv8cXj\/d22ok44X+2IM\/8Ao2iOOnLbm\/8AAZf5DdKnHeUV\/wBvR\/zKOq\/Aj9qa4UjR\/C\/iCcnp5N3E3\/tWuunjacfjbXyl\/kYTo8\/wST\/7ej\/mcN4r\/Z4\/bdTcYfhb44kHP\/HvbNJ\/6Cxr06GZ5fH4qn33OWeDxTeiv81\/med+IPhH+2JprN9t+FfxCjx1zpNx\/SvUpZplb\/5fx\/8AAjllgsd\/I\/uOR1fSf2hdLYrq3h\/x"} 
02561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":4,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385177118137,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177118137,"pkt":"nLbQ0+MztKXvZygQCABFAAXUWjhAADYG\/AmsaXlSwKgCfgBQlbaIVGCEwISJoIAQAOsaVQAAAQEICsmibd\/ytbles+3OATjOM8U3czW+p9s+A\/8Agph+z3eeC9a+Hfj74F+PvBkNzP4atvDviH4Y61p95PpulaBHPFplu1pq0LweeFuZWlniKeZId2xTktzOlNap6+Z0xrRtZo+Rfihd\/DzUviJrWpfC2w16LQLjUZZdNPiZ7c6hKrMWMtwLZEhSR2JYpGNq5wCetbR5rambtfQ5x1GRhaexa2PcvG6keNNV+Uf8hCbp\/vmu57HgLVMryti2jOB9709q46iZio+8enfs6\/tPfHT9m\/VJ9Y+EPiO4gilgukks5o5ZbWGWe3MMl0qKwCXAg3qs33lXdjpkedVqSg9GdmFlKErIv\/Ff9pX4wftBaXoWm\/F3XbTV38OLcR6TqDaXDFeR28zh\/sjTIoZ7eIg+VEfliDMF6151apKeknsenCTe5gaTb\/aJguQK86tK0TtoLmlY7jR\/h1eaja+bFdKBjptr5jFZj7Kpax71DLXUje46b4SanLEzfa48Af3a5ZZ04tK34nrYTI21e5438YPCd7oZcSTBsHqBivqcozD27TsYYzBeyTTPDPFEjRRMxHOT3r62nJykkfP11yLQ5V5mLbi2PxrvWhw2Yea3ds++aY0gLE9eKCrDJHKjjqaAHWuk6zqjiOwtS5J4ycVjUr0aSvJmkKNSo\/dR7H8K\/wDgm9+2B8aLCPVvCHgiwgtJv9Xcatq6Wyt7gEEn8q+WzHjvhjK5ONetquiTZ72E4Uz3Gx5qVLTzdj1TTP8Agg7+3vqUQmN\/8PrcEdLjxewP6Qmvnp+MHBcHbmqP\/tz\/AIJ6kPD3iWSvyxX\/AG9\/wC5\/w4I\/bpPEni74ZjPb\/hLJj\/K3rB+MvBy2VR\/9ur\/5I2j4ccRv+T73\/kPX\/ggH+28xxJ48+GK\/XxLcH+VvWb8aOEFtGr\/4Cv8A5I0XhtxE+sPvf+RPF\/wb8ftqyEBviZ8MVz\/1Hbs\/ytqj\/iNXCfSlV+6P\/wAkH\/ENs\/8A5ofe\/wDItwf8G9H7Zshy\/wAYfhgn\/cVvT\/7b0v8AiNXCz2o1fuj\/AJifhvnq+3D8f8i\/Z\/8ABut+1\/MQJvjx8L4+On2u\/b\/23pPxp4a6UKn\/AJL\/AJk\/8Q7zlb1If+Tf5Gta\/wDBuV+1RAonuP2jfhmB3Ea37f8AtEVy1vG\/IacbrC1H84gvD3N7\/wAWH3SNHV\/+CKnx2+DejL4n1f45+Dr1IDkxWFrd7jj\/AHlFeJR8dMix2NWEWDqRb6uUbHV\/qDmuGh7V1oO3ZSMf4qfCzW\/Bnh6zfU9TtrmSMAF4Y2AOPrX1uS5\/h8zqP2cGvVo+ezvLKuFs5yTPMNZUqwkyB3r6eD5mfIVocrIbSciUDeMfWnKF0c6bPcf2cfiN4L8I+W3ibXI7QBuS6Mf5A14uLo1
HLRXOuhUilqz7g+BH7an7H3haOI+Ivi1ptswx5hk0+4P8ozXzuIwDqTblSu\/Q9vD4900l7S3zPpHQf+Cln\/BNKHRY7PUf2gvDwP8AFHJo12f\/AGjXL\/ZGAnBxqYVP\/t09iGe1oNOOJaf+Ie3\/AAUf\/wCCXaKfsvx18MIT97ZoV2M\/+Qawhw9ktJ+7gor\/ALcRrLiTHT3xcv8AwJk1h\/wUt\/4JmWyFW\/aE8OqOy\/2Ndgf+ia6oZTl0FaOFSX+ExlnteTvLEt\/9vMuJ\/wAFPf8Agl2sflv+0h4bB7r\/AGRd\/wDxmtVlOEt\/u3\/kpDz6pf8A3h\/ezC13\/gof\/wAEo9UjdH+P3hZmbqTol2Sf\/IFYS4eyyT5ng1f\/AAo0XEeLSssXL\/wJnyh+058e\/wBgXxrHcN4I+LGiTl87Rb6ZcJn84hXXhsrp4eVqdDlXpY46ub160ryrOT82fn98frb4f6jcTN4U1iCeNiSpiiZR+oFfV4BumkmrGH1h1Zb3Pm3xDpJtrtiqHk5GO4r63D1OaNmY1Fcy"} 
@@ -1094,62 +1094,62 @@ 02517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":5,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120591,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPtAADcGHEesaXlSwKgCfgBQlawVUngs+Pyij4AQAOvjqQAAAQEICsmibePytblgupUqqNl16+S0Pz2Eh252smBlVkADDp1rpWh885p2i36jktrhwQI+Nu8uV5x\/h60qcXO6Whaq0m\/wsIFVFwkjNhQQQMHPpn\/PFJJrQFfmeliOSIMA0uQzNkgA8fSpst3ub05uLstkKkSu5ijB2\/xlx396cIq9lsE21Dmmx5ZI2YNtbGAV7nPb\/Gpm4x31OdNtJrQ6jwV8Evjb8R9Pk8Q\/Df4MeMNe09WKNf6J4Zu7uJTuClN8SFc7mAIzkZHrUKrGOqdmbrDYqrTvGDavul\/Wx2erfsMftuaR4bHjTU\/2Pfidb6Zgme\/k8E3oXjuw8vcB74xUyxEU9wjl+OjBydN26adTyy8muI3Nnd28sU8LssqSRlGjYcFGVuQQeMEAit\/atpHFCmqU5J6f5lbyQ6iQqzfNz8vFJR57Pc9KOIjFcm1ydIJAwyoXnJXGDnFdUaMr3OSc4u6TJoVMauCoyx4IHA+grX2WrdtTgqwUmrO5O2mEqZmDKY8HZtxuz6d6znSdrs51XcGkupWkhIlEJjlOBkBR3rmlJxZ0wqrl03HwxtuLxxBQo\/eB+\/FbUnJy0K57e63dsUSJHFskQb1PY\/55q4zUWJt3vHYYZopJhuiU54cdAaUpKUkxxhPl91jQ0rk7ZRwvRCeT\/SplJrbYrkUI3f4n66a74A1CbVbmRrmM5nJMbSHn6nHH1962WIVj8xeWTnUlJvq\/zMPUNHl01haX9oyMR8rZyGHYj29xU8zkrozqYd0nyyVjKvLSN0AeULt+5t7+3NbQ2TZyVaUXYxL\/AEh5GK+dyysAxj6e3HetVJLY86eHvJnO3trGsmY1O2Pk9Tu9smtlM4HTipWGuI2jjcF0KEoCsWcg9uen4CpuaOMOW4huYYoltyxORwpG3Pt+NBfMoqzILy7VpZmVlJ3qFbIwwI747g8cVpFmFRtN29CtNYzFGknI3Md25c4Ue5547Vakck8M9W\/kYuosXT7MVjXyT8ofO1h6\/T3rRGDcnKzWxRntp4GZrmIhvvIhByAQPXpSbuaJKO5Qni+0r5ogUKuCzDJGOvfr6U1I0hzXuZVxGHQtsbJUnOCce+Pyo5kdNN6mZeWiRgKkm9uvFS\/I7Kc5a3NH4cfCH4pfGLxJD4V+FPw71zxLfSvtS00XTpLghsZ+ZlBVB6liAK56tanSdpOx7OAy7H5jJU8LTcm+yPrT4Ff8EBv2wfiz9g1L4vahoXgDTbmQm6tr+X7bqUUY6MsEXyBjngNIMY5xXnVc1oxbUFfzP0HLPDzNaqi8RJU79NXK3ov80fQtt\/wTm\/4I6fsKRWg\/au+K1p4j1owF5U8V6xtjDRbS2yxs+QSSAI335GRzg1xPF42u\/cWnl\/mfVw4d4UyZJ4qSct\/edv8AyWN9eyZ
9GfsO\/tofsjftC6D4o8JfsjeCbzw34c8FXVtbzXyeFI7CyuXmzs8mOP5t3B++oOOcYzjnq0atKV6j1fzPoMrzLLcxpOGCTUIeSSd\/Tr66nwh\/wWM\/4KyftM+DP2rtY\/Zv\/Zp+LmoeEtD8H2kVjrN3pVtEtzfam6b5iZmVmWNFeNF2bfmDHJ4x34HCUatPnqL0Pl+J+Icbgca8JhJ8vLpJ9b9bPyPzk8Z\/EHx98TfEL+Jvij471jxJqMhy99r2pS3coJOcbpWO3r2r14U4Q+FWPgMTi8VinzVJtvzZl3sQMarxuZec+h9K0aj0OSm3fU\/cr\/gk5e2n7VH\/AARuHwa1m4ine10PXvB1zGyZ8vAlMO4e0c0RH0FfL4mPssW35o\/ashq\/2hkEYS\/llD5WuvzPwcvLW5sh9ju1IuIGMcwIPDKdp\/UGvoU+aN0flUouFWUezIGXEYcxgkHkAcmn01KUtbXHRQyYdm3RYIGO7D0HvUq4cxoiP7GjXsRKSRoDGzAnKkcj8cVWzujmbVX3"} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01103{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_usec":1654385181857708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHNXapAAEAG0trAqAJ+aHXdCue8AFBxmTfMTd+OWYAYAfYKZgAAAQEIColJBIxVzQaLR0VUIC9zZGsvdnBhZG4tc2RrLWNvcmUtdjEuanMgSFRUUC8xLjENCkhvc3Q6IG0udnBvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYoTW9iaWxlOyB2cGFkbi1zZGstYS12NC42LjQpDQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} -01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} +01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 
01871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1654385181897114,"pkt":"nLbQ0+MztKXvZygQCABFAAQLdzRAADgGvxJodd0KwKgCfgBQ57xN345ZcZk5ZYAYAfojewAAAQEIClXNBrWJSQSMSFRUUC8xLjEgMjAwIE9LDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LWphdmFzY3JpcHQNCkVUYWc6ICJmMWI1MmIwZWFiNDg4Y2QzMzM3NjIxYWY5ZGNlNjk1YToxNjIxOTI0MDYxLjYzNTEzNCINCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMjUgTWF5IDIwMjEgMDY6MDI6MzkgR01UDQpTZXJ2ZXI6IEFrYW1haU5ldFN0b3JhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA2MTcNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MTI5NjAwDQpFeHBpcmVzOiBNb24sIDA2IEp1biAyMDIyIDExOjI2OjIxIEdNVA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KdmFyIHVhTWF0Y2g9ZnVuY3Rpb24oYSl7cmV0dXJuLTEhPSh3aW5kb3cubmF2aWdhdG9yP3dpbmRvdy5uYXZpZ2F0b3IudXNlckFnZW50OiIiKS5pbmRleE9mKGEpfSxpc1NESz1mdW5jdGlvbigpe3JldHVybiBpc1NES2lPUygpfHxpc1NES0FuZHJvaWQoKX0saXNTREtpT1M9ZnVuY3Rpb24oKXtyZXR1cm4odWFNYXRjaCgiKGlQYWQiKXx8dWFNYXRjaCgiKGlQb2QiKXx8dWFNYXRjaCgiKGlQaG9uZSIpKSYmIXVhTWF0Y2goIlNhZmFyaSIpfSxpc1NES0FuZHJvaWQ9ZnVuY3Rpb24oKXtyZXR1cm4gdWFNYXRjaCgidnBhZG4tc2RrLWEiKX0saXNVc2VIdHRwcz1mdW5jdGlvbigpe3JldHVybiEwfSxnZXRQcm90b2NvbFN0cmluZz1mdW5jdGlvbigpe3JldHVybiBpc1VzZUh0dHBzKCk\/Imh0dHBzOi8vIjoiaHR0cDovLyJ9O2RvY3VtZW50LndyaXRlKCc8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSInKyhpc1NES0FuZHJvaWQoKT9nZXRQcm90b2NvbFN0cmluZygpKyJtLnZwYWRuLmNvbS9zZGsvdnBhZG4tc2RrLWEtY29yZS12MS5qcyI6Z2V0UHJvdG9jb2xTdHJpbmcoKSsibS52cGFkbi5jb20vc2RrL3ZwYWRuLXNkay1pLWNvcmUtdjEuanMiKSsnIj48L3NjcmlwdD4nKTs="} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_usec":1654385183491860,"pkt":"tKXvZygQnLbQ0+MzCABFAANeKchAAEAGAcbAqAJ+A0hFntseAFDfmpSQ59fP2oAYAfYPXQAAAQEICnsWmml\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"} 
-01741{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+01775{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":863,"pkt_l4_len":829,"thread_ts_usec":1654385183495868,"pkt":"tKXvZygQnLbQ0+MzCABFAANRI05AAEAGCE3AqAJ+A0hFntsiAFAB9eG4XEyGo4AYAfYPUAAAAQEICnsWmm1\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"} 
-01728{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+01762{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":857,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":857,"pkt_l4_len":823,"thread_ts_usec":1654385183496601,"pkt":"tKXvZygQnLbQ0+MzCABFAANLU0dAAEAG2FnAqAJ+A0hFntsgAFBFVF+4FRsrIoAYAfYPSgAAAQEICnsWmm1\/RrIOR0VUIC9zZXR0aW5nP2FwcF9pZD0zMjQ1NiZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJmNoYW5uZWw9JnBsYXRmb3JtPTEmb3NfdmVyc2lvbj0xMSZwYWNrYWdlX25hbWU9Y29tLnNjZW5ld2F5LmthbmthbiZhcHBfdmVyc2lvbl9uYW1lPTIuOC4yLjEmYXBwX3ZlcnNpb25fY29kZT0xNDYmb3JpZW50YXRpb249MiZtb2RlbD1zZGtfZ3Bob25lX3g4NiZicmFuZD1nb29nbGUmZ2FpZD0mbW5jPSZtY2M9Jm5ldHdvcmtfdHlwZT0xJm5ldHdvcmtfc3RyPSZsYW5ndWFnZT1lbiZ0aW1lem9uZT0mdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMu
MC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTE3OTR4MTA4MCZpc19jbGV2ZXI9MiBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IHNldHRpbmcucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -01722{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01756{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183514792,"pkt":"nLbQ0+MztKXvZygQCABFAAG+fDJAAPUG+\/oDSEWewKgCfgBQ2x7n18\/a35qXuoAYAHCoswAAAQEICn9GsiV7FpppSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
01091{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183517888,"pkt":"nLbQ0+MztKXvZygQCABFAAG+t5xAAPUGwJADSEWewKgCfgBQ2yJcTIajAfXk1YAYAHAN9gAAAQEICn9Gsih7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
02787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1706,"pkt_l4_len":1672,"thread_ts_usec":1654385183520039,"pkt":"nLbQ0+MztKXvZygQCABFAAacXxNAAPUGFDwDSEWewKgCfgBQ2yAVGysiRVRiz4AYAHASmwAAAQEICn9Gsip7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxNDQxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCh+LCAAAAAAAAP+UV12P3LYV\/SuD+yxrNF+7EwFB4aQtjCYB0tZA4qaBcEVSM1xRJE1eSTM2DPQ9RfveBkiBIkVfgj42aBv0z8SO+9S\/UJDSzm7cWLP2g\/dSPLq8PPeIc\/gUPCG1HvJFAo3fQQ6+ZUx4DwlwJIT8KSBCTq4VCWBZSA45rFfFChJARrIT96395ZhkeevZQ9kIyC+XWZYAckaQby\/WWRwpV3rIQ2Trggx6ghxefPXn55\/\/9duvP3v5zTfffv3Vf\/\/125d\/+\/vz3\/3zP7\/5w3dffPniT79\/8cWX333+2QB4+e8\/Pv\/HX0IJVEH+yachcI9pSNqHxTbrsBRjkMOPfwIJMI4ScnifHx7uuVx89M5784921Yf78vDzR7X4+ME7H\/YPfvWef\/TT\/dsRTZCvEmBVeb13VrHIEtPDMszoSrqmYIVVeIQc3jWapG4F3J5z3Q\/PcOGZk5ak0ZDDI9POeqnUTBualWLmRI+OCz7DioSbMWW81LsZ7cWsl5qb\/lamwN27yngxk3T7sSQlhrXDeEYmphE\/iphWkzsWzHBx4seh3xds3Ju\/E1v3f3YpPn7wwduRMa\/GV\/tIE1do6zFy1SkIC1xk621oDm+vRZHATpCtvj+K3K1XUUA7sjH7XkWR7YlsQUcrYt59N0hAikMcy7hgFoJBk9IXntBRa4u4TX\/0JJoB60U7BK3lQdtZAlcE+SdPgZsGZegOWpuitb5SR+FSZhpIoDKuwUA9PEtehfKr1tOdcdK8HsaMJmdUWhu2xw6nc7ZOpXtUJpR6ZnWeovWo8MxuiKdK6CfNYRrG7gZzd4ORQ1ZLvbsTuBHoWycaoQmtPMe5vJdNtuQe8so4Jl4PUrrepkxPArLpMjxLkXuhvXGpcbsJWlWdElqS7EzjAxDtAfmJOi1oqvsdU5LVaS+YMi2fVmBEorVOdEZ1YrqSHrnZmXRnlkPmyf0hv9huz7SsJZOWeGTk6jtIWqbHY\/h\/cvssJYc1tc1ZUsOiZNzjxkxDFxeL9XKbvokWV9k221y+2SuLbHW5+YFXZlOsNFKH7mlxoHPYG\/2nV3YCOEgiHqjhqBGuk0ycSb5TpkSVHpuTRM\/gzSZtTOlQ6vRwfDKBlM5ob9pQ9d1kV7doRzlNpDXI7\
/bxBR64QOVDvXLiWEuRM2esn1Zn5Cf19gnqM6c9F0p2wh2DnLloTHlmR33fD01jaFOpKzO1ey2U1HXaTByF6yU5duarfKPzgJSu\/+8s+jSBq7axFH+j6wLHv1fj39G4orVS7wqGbC8KhyTi73jDwvQmRmQgX4SoK3qpOEMXfOyv2yxbsaazyGrciTgMVHbSEw6T81dmIQG9PBkVvboJ15Avoq8xVSVcrOUX16XcPLLIpN5BvlxcRGzjeX3li9YpyKOv8fl8zri+h1zfi+PU4TFwEKi+npl3y7k1jlDNF2\/Ns+18mc0Xi3l2Md\/wTXmxYuV6cymW6VXw8caK4FmXCdhycEqWBR82eivLnA7kxJB09L02ErYcHoXSngJyPrg4oQQNxqtqlYJ88SyB4N3eihni\/SB7zT9IwCo2JlahhlVkIcTladDgYYQ4Q2K0pLYtlfR74eINZPXWxSYB24fvefkw+E8nKmRkXOF7SWwfHdxy8O5BRE6QO8YuxGyuvbkjuMh9hcqLBDyL857XRfhGIIcP7r9fbNPLdA0J+Ohfhy57e5PCk3GilkOlVHQlDjxT5HlsNZ1ESKYWOqqB4iXp2hDfKqq94v765tHagqQdpD7Gr+hlfyyl498Tiuvm2NLeOPkkXDLSPTUKwvso+ZgJ1Um8reWiO03srgM1sNHaRo6BD+uGOS\/EwTopeNzHyOwygU44L40e3fkygV6UhdDdWDEk0EsWLj2LBHonHg+YjocLV\/bs2f8AAAD\/\/wEAAP\/\/Zfl4rZEOAAA="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1575,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":896,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":896,"pkt_l4_len":862,"thread_ts_usec":1654385183618295,"pkt":"tKXvZygQnLbQ0+MzCABFAANyCeZAAEAGIZTAqAJ+A0hFntsoAFDk49anhCGol4AYAfYPcQAAAQEICnsWmud\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"} -01761{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01795{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 01451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1654385183642352,"pkt":"nLbQ0+MztKXvZygQCABFAALDo6BAAPUG04cDSEWewKgCfgBQ2yiEIaiX5OPZ5YAYAHBkvQAAAQEICn9GsqN7FprnSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA0NTcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/1RSTW\/UMBD9L3M2UpJCKT6XAxLiQLlVlTU7nl2sOnawxylhtf8d2c7ScsrLG79583WGLCglgx4VzPkEGnIh4pxBgUVB0GegWIKkzVC0DBruP4OCpRy8yz85GWdB33y6\/aCgBCcPLOLCCfTjGZBCy4v2IZZE\/NVlaYEqGRWImzkWAX0zXJ4U4Fx9uqJBM+Nv0IMC\/BVATxWIN3ario5lWxj046Ru1PuaQf4U0AAKCL0\/ID3\/aA\/GV8Kk4nfmsPTvW9CjkwKyJqFwsycfMxv0nOTN\/6GIxGAse9y6vqTEgTazt2fR+c0sHjdDuDSl5VNCy\/cuV\/r71cD6wNJsOdhMiTnsrU0KHMXQm\/KCR56lug31L6YXA
n07KAg4c38Tj8fMvcyYHAdBcVU\/KFg8Es8cpNY3fRynsXGbIbHx5d+brbV3kGBkBv1uVJBsIukLSIx22yczDpU4Lmtf5hyT70jotXpZDQcL+m5oOAumvr56LF9q4O5uVLDup7JSnegRi++HsDrL0bggnJDErbxnHq6h\/OwWkzj\/L2hsPa\/ewOqSFPTmuqF6xN3kWx3c5ely+QsAAP\/\/AQAA\/\/9ly17OCQMAAA=="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1198,"pkt_l4_len":1164,"thread_ts_usec":1654385184096708,"pkt":"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"} 
-02064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content
_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1578,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_usec":1654385184117986,"pkt":"tKXvZygQnLbQ0+MzCABFAAEkBJZAAEAGB9zAqAJ+CNFha936AFBSP8o9I7uXO1AYAfYueQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDc5Ng0KSG9zdDogYW5hbHl0aWNzLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} -01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 
1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} +01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 01603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":850,"pkt_l4_len":816,"thread_ts_usec":1654385184118073,"pkt":"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"} 
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1579,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":796,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184118073,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1579,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":796,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184118073,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1654385184139299,"pkt":"nLbQ0+MztKXvZygQCABFAACApCdAADgGcO4I0WFrwKgCfgBQ3foju5c7Uj\/OVVAYAD8bqQAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1580,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":796,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385184139299,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":204,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} +01205{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1580,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":796,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385184139299,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":204,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1581,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1006,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1006,"pkt_l4_len":972,"thread_ts_usec":1654385184174078,"pkt":"tKXvZygQnLbQ0+MzCABFAAPgd\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"} 
-01506{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01536{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385184282680,"pkt":"nLbQ0+MztKXvZygQCABFAAHmJVIAAPgGdx8SQE86wKgCfgBQqQhpQqwFG\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"} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_usec":1654385184845262,"pkt":"tKXvZygQnLbQ0+MzCABFAARIuCtAAEAGLI\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"} 
-02022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","http": {"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=0&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; 
vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} +02052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","domainame":"tw.api.vpon.com","http": {"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=0&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) 
Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1584,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01950{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_usec":1654385184857770,"pkt":"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"} 
-02022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1584,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","http": {"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; 
vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} +02052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1584,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","domainame":"tw.api.vpon.com","http": {"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) 
Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1585,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00799{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1654385184927393,"pkt":"tKXvZygQnLbQ0+MzCABFAADrwv9AAEAGn0vAqAJ+EkICWotQAFAVBORyMNia64AYAfbYnwAAAQEICiE3Bh4xvbnrR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS9pbWFnZS9sYW1iZGFfanBnXzg5LzM5ODEwMTIzNGU2Y2Y1YjNhOGQ4LmpwZyBIVFRQLzEuMQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0K"} 
-01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1654385184928623,"pkt":"tKXvZygQnLbQ0+MzCABFAAEdY4hAAEAG\/pDAqAJ+EkICWotSAFAcu+o2K8tK74AYAfbY0QAAAQEICiE3Bh\/fUp7nR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS92aWRlb3MvbW9iaWxlL2ZkNTY5MmRkNTMwNDJiMTk5ZTAzLm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","http": 
{"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1654385184938285,"pkt":"tKXvZygQnLbQ0+MzCABFAAGNDvVAAEAG7fHAqAJ+EkBnHo8cAFCNQDOZ5EMz0IAYAfY+BAAAAQEICpxRp0pGLP+jR0VUIC9ydi16aXAtMjAyMi8wNDI4L3RwbDQtNDIwOWFkODQ1ZTYxZDlhZDY3YjZmMDQxODdkMDBiZTAuemlwP21kNWZpbGVuYW1lPTQyMDlhZDg0NWU2MWQ5YWQ2N2I2ZjA0MTg3ZDAwYmUwJmZvbGRlcm5hbWU9dHBsNCZsYXlvdXQ9MSZ0cGw9NCZ3ZnI9MSZ0bz05OTk5JmFsZWNmYz0xJndoc19jaG49bSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 01531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1654385184942273,"pkt":"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"} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184942885,"pkt":"nLbQ0+MztKXvZygQCABFAAXIiZwAAPgGW9ESQgJawKgCfgBQi1Aw2J3GFQTlKYAQAIO33wAAAQEICjG9uf4hNwYe\/9j\/4AAQSkZJRgABAQAAZABkAAD\/2wBDAAQCAwMDAgQDAwMEBAQEBQkGBQUFBQsICAYJDQsNDQ0LDAwOEBQRDg8TDwwMEhgSExUWFxcXDhEZGxkWGhQWFxb\/2wBDAQQEBAUFBQoGBgoWDwwPFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhb\/wAARCAQ4B4ADAREAAhEBAxEB\/8QAHQABAAAHAQEAAAAAAAAAAAAAAAECAwQFBgcICf\/EAGgQAAEDAgQDBAYDBw4JBwsACwEAAgMEEQUGITEHEkETIlFhCBQycYGxQpGhFSMzNFJy0QkWNTZTYmR0gpKissHhFyQlN0NWc3WUGCZGVFWT8Bk4RGNlg4SVs8LU8SdFdrTEw9KFpeP\/xAAdAQEAAwEBAQEBAQAAAAAAAAAAAQIDBAUHBggJ\/8QAShEBAAIBAwIEAwQIBQEHAwALAAECEQMEIRIxBQZBURNhcQciMoEUMzVykaGxwSM0QlLR4RUWJFNigvCSwvElQ0RUorIIJmNz4v\/aAAwDAQACEQMRAD8A9\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBBKggUEpQS9ClRTKsJSqjyQumOz+U6pQS11wbEbEJ27LxMxzDZcrZldC4U9Y67ToHn+1d+33f+m79D4b4xak9GrPDJY7lujxaI1NA5sVRa9hs9erp62I55h0eI+BaG+r8Xbfdv7ektJrqeooah0FXE6N7T1C6eLRw\/Ca+21ttedPVriYUS5RhlEIB3iowscyCAd0BRGEWuOxUwYOYXKRCUAfFMI7osJa7mjJY4dQUwisTWc1nDMYLmjF8OI5ZzNGN2P1VJ0627vY2Xj2+2nEWzHtLaMHzlhGIjsMSgEDnaXIu0rC2haI45fqtn5m2e5jo3Femf5KmPZPoMSpjV4Y5jS4XBYdCvP1dtW3biXVu\/BdDcU+LoTH5NAxWgqcOq3U9VGWObtpuvPtSaTiX5DcbfU0LzS8Ylbs6qjmTMCCKKpkVTNCIlMiEW9UVTAeKKyi0dEGSy9geJ4zUdjQUr5NdXWs1vvKiZxD0vDfB974lqdG2pM\/P0j83R8o8K6eMtlxaR1RJ+5R6NH6VSb+z6l4L9m+hpxF99bqn2jt\/1dCwTLVFQwhlPTQwt8GtCpmZfQtn4Vs9pXp0dOIj5QysNFAwagu96h6ERCvFGxvssaLeAQVBe2iBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQ
OUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylBBAQEBAQEA67oJHQxO9qNqC2qcOp54XRuaC1wsWuFwR53RS+nTUrNbxmJ9JapmLhplvEI3F2GMieRpJTHkI+GytFpflvEPJHge9rPVoxWfevH\/T+Tl+cOFmK4cXzYa71qIa8mzgP7VaLZfKvG\/s332zzqbT79fb1aHUwTU8zoZ4nRvboWvFiFo+da2jqaN5pqVmJj0lIqs0qAgh1sp47LRCCkQHnqowJbpHcS3TCyF99U+QkFybDW6lpWMujcNcE9VpBVStPay6+4KYh+98veHfC0\/iWjmV5xAxv1Kk9Rpn\/AHx471uipqWxGIW8yeLfo2l+j6U8z3aEy+pdu7UrnfPqx6z3CVErIXUJ5QB80SX0TIX80BAQ"} 04408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184943456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385184943456,"pkt":"nLbQ0+MztKXvZygQCABFAAtciZ0AAPgGVjwSQgJawKgCfgBQi1Aw2KNaFQTlKYAYAIPjEAAAAQEICjG9uf4hNwYeQbsg9lrR\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCBQQQQKCUoJSgl8UFMqwlOyqPJLvJdD+U1NwRaJQ9yFWVy9j1ThsgYSZISdQTt7l0aOvfT7dnp7HxLU284nmrcovuRmbDuSYNebaPA77D5r1NHcRbmk\/k\/UTXZeKaPTqRmff1hp2aMrV+EOMsYM9L0e0be9d+nq1vx6vxXifgO42Uzav3qe7AhwINvqWvS8SEAfEquFoA\/wTCUObxKBzaJEGEWuIuiMHMehQxCPN5qyC4I1VUYZfKeZsQwKpBY8y07j343HSyzvpVtHL2PC\/GNx4ff7s5r6w3\/ADHhlHmfLLMQoh33N5mO6g+C8rX0sxNZ7w\/d7zbaPieyjX0o7\/8AzDl0kT4pXxPbZzDykFeXMY4l+AvWa2ms94QGqhRMiMpmhET2TDRFcotAsgmaPK6spMItCqr3b5w64e1GKCOvxUOhpSQWR7OkH9gVLWfRPK\/kXW30V3O8+7p+kes\/8Q7Fl7AqWgpGQU8DIImjRrRa\/vWczl9n2Ww2+z0o0tCsVrHszFPE1gs1oAUOxUsEBBMBZAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEEqAgICAgICAgICClPTxSts9ov42Qx7tO4gZDw3HKVxlhbHMAeSeNtnA+amLYflfMHlLYeL6c9dcX9Jju4VnbK2J5aq+yrIi6F5+9zNHdd+grSJy+AeP+Wt74LrdOvX7s9rek\/wDVglbL88fNIEPoqRAlRCYylUpSuI8UWQ0soyJSdw
pWqzWRMK+6OKB723jiNzpolYe14Nsf0jXzPaHR66rhwzDHzusA1tmjxVpnEZfvdxudPZbadSfTs5tX1UlbXyVUriS46LktOXy3ca9tzrTq39VC\/moUFECBUpwg33qqUbmymOwXTCIQv5pKS\/mmBEGzU9B7LV39gCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIHZBBBA7IIIJUEh2QS+KmBLZQPI9l0P5ShKVMJS9dUwslKhMTlVw6sqaGcTU0hY4HodCrVtNZzDfQ3Gpo26qThvmUs2Utc00tcGskdoQ4dx679HdRPFn67w7xnS1o+Hq8TP8JU81ZGpq5hq8GcI5j3jETo73L09Lc+lu3u5PFPLGnrxOrtOJ9v+HPq+lqaGpdT1kLopG9HDddsYtGYfhtbb6u3vNNWuJW7iBqkQzqXUYEL+ajCfREHQ3KnBga7QpgwA26oYA64RGEebS3ROEYdB4E4q909Rgs7+4Wl8YPQhcW6piOqH7nybvbTa+0tPE8wxHE6kZSZomDGBoeAbea8LXjF5w4PH9GNLeWiI7teYFi8RM0aIqnaEVyjbogi0IqmaPBFZdK4R5E7fs8YxaElpINPA4b\/viqXt6Q+qeSvJvxOnfb6vHetZ\/rP9nY8OomQsBcBzAaADRoWT7DWIrGIXjRdEooCCLeqCKAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBAQEBAQEBAQEBAAFrEXCDA5vy\/RYvhktLUwtkie3Yi5afEKYnDzvE\/C9t4ltrbfcVzE\/yeduIWVKzLGKGKQOfSyH7zNbQ+R81rE5h\/Nvmby1uPBdzNLRnTn8Nv8A56teBurPzMJUIxKHihhLdFoS+ajslAlMLVKaJ9RUNijF3PNgkNdLTte0Vj1dRyjhbMMw1senORd7lpEcPo3heyrttGK+vq1vPuKmsrvVYnfe4z06rDUtmcQ\/J+YfEZ3Ov8Gk\/dhgSbCw6LF4UcIX1QEECowmEQdLqUiK55E6U5R+pEpR1UcCF\/NMQPZyu\/sAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQSoCCVBKghZBIQgkI6qw8klbP5RSkeCJhIrJiUqrMJhKi2Uut7jceCJiWx5SzfV4W9sVSXTU48T3m\/Fb6evan0e54d41q7eem\/Nf5t65MBzfhtpQyRxGjxo9i9HQ3OOaT+T9RfT2Hi2l9\/n5+sNBzjkXE8F5qilBqqTcPbqR7wvU0d1TU47S\/EeK+W9zs5m9PvU94aoCLkG4I6FdGH5+PaT3KMJzkB3UYEA4oDXJgwc3RRBjhMD4KTDc+BFDJVZyM7bhlPG4uPwXJvLRGm\/T+T9tOr4h1+lYld8ai05kFt+TVfn9f8Tr80TE7vhpzQsH5lOwboqi0eCKpmjwQTMGiKtx4QZXON4t63Ux3pKZwuCNJHeCracP23kjy5\/2luvj60f4dJ\/jPs73hFKyCIEsANrNsNgsX3ytYrWKx2Xg1RZM3QICANUEyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQQOyCCDW8\/ZepcZwaajmYCyRvdJGrHdCFMTh5HjfhOh4psr7fVjvHHyn3eacxYXUYPi8+H1LSHxOsDb2h0K2ieH8u+KeHa3h27vttWOaz\/GPdYnRQ4Eq
sJb7qI7LJSdCnPqJfykwtVtPDfCnS1JrpG9xmjbjdWrD9N4Bsptf41o4hs+bsSGG4UWg\/fJRYDwS9sQ97xnfxs9rMR+KXPy4uc57jdzjdcsy+dVzMzae8pTayhcvpa6junADcb3UpEVTMN1MRkFbCpbqmCJFEwtHKVVTlDrqiXs9Wf2AICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBAoIdEEqCUhBJZB5II6Low\/lFKglI0QSEWRaJQROUp0CJS28kMq+GV1Vh9QJ6OZ0bx1HVTEzHZ0aG51NC3VScS6Jk3P0FQ0U2KgRuOhcfYf7wuvT3GeLP2PhvmGl4+HuOP6Su81ZCwfMMLqzCXspqpwuAw9xxXpaO9tTi3MNPEPLe030Tqbeem0\/wAJcuzJgOK4DWGnxGmeyxsHgd0jxuvW0tWmrXNZfP8AfeGbrZak01q4Yy4IuFfDgiRVmEwgbphICRuoxkRLrA\/JT0jtvBDBDg2UJMSqm8ktcbi\/Rq8be6sX1OmO0PqPlTw\/9D2E69+Jv\/RzrPmIDEczVMzHczQ7lafcvHvbqtl+M8X3P6RvL2ieGIYN1m8tOiJRA1RWUzOqIV8NppaytjpYQXSSvDW\/FGu22+puNaujSObTiHo3h9gcOE4NBRxtAEbQXm27lhM5l\/THgfhmn4bsabekdo5+c+rZRsoeumaEBBFougiNEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ"} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_usec":1654385184944474,"pkt":"tKXvZygQnLbQ0+MzCABFAAIl9uxAAEAGBWLAqAJ+EkBnHo8gAFD1zY28\/rI704AYAfY+nAAAAQEICpxRp1BJVe73R0VUIC9ydi16aXAtMjAyMi8wNDI4L2VuZGNhcmQtZHNwLTEzMDItZjI3MTRhMzRmNjY2MWE3MGZlZGVhMTY2N2ZiN2E5ZTQuemlwP21kNWZpbGVuYW1lPWYyNzE0YTM0ZjY2NjFhNzBmZWRlYTE2NjdmYjdhOWU0JmZvbGRlcm5hbWU9ZW5kY2FyZC1kc3AtMTMwMiZtb2Y9MSZtb2ZfdWlkPTkxMTk5Jm5faW1wPTEmbW9mX3BrZz1jb20uc2NlbmV3YXkua2Fua2FuJm5fcmVnaW9uPWZrJmFsZWNmYz0xJmJhaXRfY2xpY2s9MSZtb2ZfdGV4dG1vZD0xJmJwX3Rlc3Q9MiZ3Z2xicD0xJmN0YV90eXBlPTEmbW9mX3VzZV9nZXQ9MSZkbHN0PTAmbW9mX3VzZV9nZXQ9MSZwbG11Zz0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMi4xLjAgKExpbnV4OyBVOyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDEpDQpIb3N0OiBoeWJpcmQucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -01447{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01480{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1654385184944791,"pkt":"tKXvZygQnLbQ0+MzCABFAAFdGtZAAEAG4kDAqAJ+EkBnHo8uAFDRel74fng8vIAYAfY91AAAAQEICpxRp1H7gB08R0VUIC9ydi16aXAtMjAxOS8xMTEzL21pbmktMjYwMjkxYzIwOGJmMzM3NmI1MTExZGI4NTVlODk0NTEuemlwP21kNWZpbGVuYW1lPTI2MDI5MWMyMDhiZjMzNzZiNTExMWRiODU1ZTg5NDUxJmZvbGRlcm5hbWU9bWluaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} -01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
06329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184945955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_usec":1654385184945955,"pkt":"nLbQ0+MztKXvZygQCABFABDwiZ8AAPgGUKYSQgJawKgCfgBQi1Aw2K6CFQTlKYAYAIPopAAAAQEICjG9uf4hNwYeEBAQEBAQEEqAgICAgICAgICAgIIFBBBJI1r2Fjtig5B6QuWjNRjFYIwZabSSw1c1XrPo+U\/aV4D+kbeN9pR96vf6OMA2V3wyEvmphdBQJCiYVcOgdVVscDBcucArVdG30p1dSKR6uqYPTRUGGNZYNZEzVXjh9J2ujTbaGPSIaJmvEjiOLPeCezYbNC572zL5\/wCK72d5upt6Qxt1k4UGk2Q4L2CLDSiqZl1aIRKYbaK8QrMpraKcK8oW0TCcpTuVWYWiUvxVJ7rVQULVe0FZ\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBBKghZBLZBLZB5IGxK6e7+UIS9FCUpCCVWEpCqnKUhT3XQI8lAltuhlLY9FYZvKuacTwWRojldJCDrE46K1NS1Z4etsPF9xtJxE5j2dMy\/mnAM00PqOKRxOLhYxS2uPcV1aWtic0nEv2m08W2PiWl8LXiJ+U\/2a9nLhMJGOrcszh7Tqad2\/wXraHiX+nVj83ieJ+S8xOpspzHt6ubYrhuI4ZUOgr6OWF4P0mr1KWpeM1l+H19pr7e801azErS48Vboc2S48UwROeze+EuQavHKuPE8SidDhsTg67h+F9y4N3vK6UTWv4n63y75b1d7qRr60Y04\/m3ji7mKDCcHGGURa2WRnIxrfoM2K\/O6l5iJj1l+r8xeKU2u3+Bpd5jEfKHHm3JJOpK5nzSZmeZTMCImU30UVRYiqZgsg3\/gLgorMakxOVt2Uw5WXG7iqXn0fRPs68Jjcby27vHFOI+rulFH2cAFtTqVk+4KzeqCKCLRdBFAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBA7IIICAgICAgICAgICAglQEEqDF5noo63D5I5GhzXtLXaJE4c+729NzoX0rxxMPL2b8NdhOYKqgcDaOQ8n5p2W0S\/lPxrw+dhv9Xbz2iePp6MUeqnu8yEPsUpSlVWjltfDLDWyzPrZB7Gjbq9X6jy9tIvadafRnc+Yj6lhXq8brSS7+5Re2Iep5h336PtvhVn70tBGg13OpK534OkYL3uFVZC\/VFi90RCManCEzSALkq9YUm2IZHBcHr8SJMERDB9Ky0iHZsvDN1vJzp14XdZljFKaMvDS8NHRWw6dfy\/vtGs2xmGH1Di1ws4aEKuHjxM5xPdKdvNVleEh+CpK0IbhQl7RR\/YQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI
CAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBA6IJUELIJbIPI9l1P5PSnQbIsgdQokSkeagSkaWSolI0QS21RMShqiUtkTlC3khmEY3PY8OY4tI1BBslUxaazmG25R4gYvhAbFM71iIflHULWurMcS\/Q+H+Y91tfu2nqhv+F5xylmOnEWLQQF5FiJmgEfFbaevNfwTh+s0fG\/C\/EK9O4rGfmg3JPDqu5nxMYOb8h+y66+I7iPVWPAfAdbMx\/IZlHh1g16idkZLdW9o7dL+Ibi0Yzg\/7F8B2kdd4\/isc3cS8Po6T1PBI2vLBys5RZjFwzqYzPq5fEfNOhpafwtrGcdvaHLMUrqnEq6Srq5TJJIbklYTOZfgNzudTcak6mpOZlQaFDnTt2uio3X4IiUzPZRCZgJ0A1RV6B4PYO3Dsr0kZaA+Udq8+N9Vjacy\/o3yb4bGx8J06zH3rcz+bdlV+pTN0CANUEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQEEqB0QS9EFOZvPE5niEHAvSLwxsGORV7BYSjlebdVpTs+Efad4fGnvabmv+riXNlo+YJfHVR6FSJpkeGNFy42ClrSvVOIdUynRtpMIiZygEM5nK0Q+k+GbeNHbx8oy0rOVc6uxp9\/ZiNgFjecy\/CeM7udzvLe0MTdZS8+Et1CUL+aJhFtvFWqlMzxVohSWTynhj8VxJrOU9k32itKxl2+F7C2+3MV\/0x3dBqZaTCMOJHLHDENTtdacPo9p0tno9NOKwky9i1NilOZaZ3My9nApE5Rs95TXrms5hqXEKgZR4sJom8rJdbfWqy\/DeZNjXbbvrpHFmvuKzmHhVUzZZrwgiXtJH9hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBCyCCCFkHkZdD+TsoW1RKWyH1QABuUTEpbeSHZC2iGUtkTE+iUjdEwlsiaoKcAmCpYKAbobhERMwq09VUxfg53t9zlMNK62pTtYqKqpn\/DTPf73JlF9bUv+KcqYHiowzRaNUVTAXREo28AohCLR4KVUw1RWV7l6mNXjNNTDeWVo+1HZ4bt53G809KPWYemsuQNhpGtbs1oA8li\/qTbacaelWkdohkm9VVsigi3qgigICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBAQEBAQEBAQEBAQEEqCB2QSnZBKUHL\/SNoTLlx0rYweyeHX8Fand85+0nazq+F9cR+GXBzday\/n+qUkXKlMMhlGlFZjLIydGjm+0fpUer0vDNGNbcRWfq6fiDhS4NO8G3KwgFXfQt1aNHZ3t8nK5HF8j5HG5cb3WMvlUTNrTaUg6rOWiBKiIT6DT4KThFouFMRlEqtHC+oqGU8QJc820V4hWlL61406d5dPy1hcWEYWIwB2rhd58FpWMPp3hnh9Nht4rH4p7tC4n48aupOH0z\/AL1Ge+R9IqJnL834zv8A4tvg0niGQ4KCTsKkfR5gkOzy5nFl5xYBD6e40IUuTzhmLabTyVSX5KvZKTqqS0qh5Kpw9po\/sIQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBCyCCAghZBBB5G3XQ\/k1BE8I
OCEIEInKUhWKoWVVkv9iCWyIygQiapbeSBYIFvJTyIWTIWUVRlFo8ERlEDRBFoREpkQDVEZTNGiIRaBZFWycKKMVec6ZpvaMl\/1KtuIfp\/J22jX8Y0on05\/g9F4W0NpbDqsX9HVjEYhdN0CJEEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIHZBBAQEBAQEBAQEBAQEDoglQQKCUoJSg1XitRtrMr1UbjvEbHzU17vB8zbWu58K1qT7S8xuHK5zfA2W7+WLRiZhIShDMZALRmAc2xZb+kFFfm9nwPEbqM+394dGzJAZcvVDRe4BOil+48T0vibDUhysNs0g9CqYfKtPthJ4qkw2ieEG3UYSAdEwI7Dz6BWhS04hvnDPAewgOJ1bO+fYafmtKw\/beWPCfh1\/StWOfRNxLx\/7nUDqeF4M8wtp9EJl3+M+I\/ApNaz96XKnuc9xe4kucbkqH4aZmeZdH4KMd9z6gkaFwsph+w8t1n4dplV4vFwfTNtpb9KlxecJnq04aYVm\/IQlvuqroKMD2oof2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCVAQEHkXYFdD+TUN+qCCCBQQROUqnKULKExKHkiMpQgW3RZCyIhDlRJyoqNHggAeSGUQPNEZlFECIyiBa6IlNpbzRVEbIN84AQtfmmSVzb8kRsq37PoX2b6VbeJ2vMdod3ohaBvuWL7oqoDd0EyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggUEEBAQEBAQEBAQEBAQOiCVBAoJSglKDAcRP2sVLvBhUw8rxv8AZ2r9HluuaWVkrSNQ4rd\/KmvWa6ton3UVX5MoVcMndTVrJmm1nC\/1qcujbak6WpFodhwqRmIYQCCCJo7fFS+pbe1dxtsf7oc0zJhs2G4nKyRh5C7Q2TD5d4jstTZ7i1bRwx3LcabKkw5azwlA8AownIAALlIhHVhsPD3L8mK14qp2EU8Rve2hVoh73l\/wm291viXj7kN7zFiNPhOGumeQ1rG2Y3xU5fvt5udPbaWe0R2cXx3EJcTxKSqlN+Y6DwCS+b7vc219WdSyyPioc2XT+CTXHCprjTnFkftvLMT8KVDjBIfunDEQbAfpU8vJ84Xn9JrX0agToqy\/LRCUa3VMLCYHtRVf2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAghZBBB5FXQ\/k1A3Vkd0FVIpwIWUZRlAjyU5SgRuoMpbItHbKCnkyW0UYEN0C\/kERygiREdxEdho8EEQPNBECyKot2RVFAUxA6H6PQ\/yvVu8GD5qmp2fS\/szj\/xmrPyh3OAWhb+aFi+1pkEW9UEUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBKgICAgICAgICAgICAgdEEqCBQSlBKUFhjcLJqUNlAczmF2nY+9WZ6mlXUjF+Y9nlXNFhmSvAAAFTIAB07xWkdn8m+LRjxDXiP91v6yx520VnBCVVWhuXDPMDYZPUKqTla78G4nS\/gpy\/WeX\/E4pPwdSceze6yioMXpTDVxt5iNHBInD9fr7Xbb\/TnT1o592g5lyhiGHTudTsMsJ1BHgrRy+eeJ+XN3s9SZ046q
sA6CoabGB99vZKYeFNNWJxNZ\/gy+WMr1+LVTTJE6OAHvOItooxh7Hhnge53upGa4r6ulMZR4PhPZMLY4YW953ioy+mU09DZbf4dOKw5JxBzC\/GK90cTj6vGe6PFS\/AeL+JTutSa1\/DDW\/wApRh4xqeqhPzdV4IRv+4sjneyXCyP3flis\/AmZWPGcuGNRAjQDRHiecM\/pdYlpzttEflqpVVYvdMD2ss39hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg"} 02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184953988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184953988,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EEAAPgGoGkSQGcewKgCfgBQjxzkQ1FrjUA08oAYAIN68QAAAQEICkYs\/7OcUadKtLVLEjgcUYII4FHbZjHquoOia6gAb500Ti8dAwhCBQPI+mqikzoPEDELPc+SXj69jEqwdCpvDTvdYMfugkxkR1Y+CY9qVGm58StJYmYN5SvxMAz8xCmsligFCuuKmg8EZSE5OqcTkF7WWZmYJJGWhwpN7ilBu8\/gl+3Ab8Spn6tvJdeT+RsqcUG0ZFXerb57NPtt03zJpCtCoTxHMV9Zha5yoUwKNC+6e7j1ViGTaOWGh\/7JwCnGB12U4uBR548F\/rgqEud2uv0wHCBv6DuHmOo5bYd\/toEAzTnRwVytNl\/PJi1A0jYr8KsFpOACb3f7cGrTVbOZNYAAfhKkPOD4uriBbk9Jgk\/UjgwbpqX6abrGR34H+Os\/9jStodDE0Y0g3lOkmBfCKamPyPplsqvWJMBQnNHW0rSzXLwhjLCCsvswVQxnEHtu2HFz998SHtil2W03a8HGmk23nbaNYcY3Q2TQbJ3ZzG4FUhaRnvC2msLVbUsGHn\/8qqFhILJC24vplvrOmxsbreba663VzXsP1t950FpdXn11XW4T6v8OCO1QAuQXRErxFVq\/3Wbyah+mKVYtt08bMZ0HIKAAIUvKhHqZkAtfQNHQOwlIflLQ1gvauCXLAC9chbkxNKbadnsPBCGT+eVNsWhIXlnO4qie\/YB3Dn2nVklQbot4gdeaomDlGHGq2R9pxd9CVm8l9JyOW1IjlmYi4kIepJ+YLD\/gRPZSkymg00iOy0dkhWzUmLBjYKPplsOvhIi5ELVnoR4dQ7fdKWhHiLBAG9A4j2EAC4y1lGtIy6U7GUejmNJozx3D7sS1yIaLjW1\/AnhEE5Tn3wYlQUNcSbmW9EiPIws1msCzH+E5Uu15TvEJU927RoehtQDvXtR6D0i0Qq4r5lKtMY9x1WAUFjlBkqF9BUaESQB2UsBt7+aLYGJaqBfsZkpASprto2iSKUBpaREEHmhszyoycYMyWrK32VyqU7U+0B8\/j9v8HYKpxmhJ9hmaqfPgXycn03DcwMlnex1\/w0vDwfnVHTtC60LkWMig3KoxX9wp6lUobpfyzZnA1KioElYxEkVLF2DRfjSYmQmEaUL6Vt1
Pw1px2QImO0RR3K\/Su8d8oWRu9X0PL5jx0aICKHpBkVigDUHjb5hz1+ER9ZpujGIXmoxXSVEVDlqITEvN1XLQn0q5WrD4RQNqo05O8NY0zUIyjeYmR0HIha8iWNR82tC+DDAAS3rFxtBufFlLahMzkSEmBJezzMOIAuYi7YaCqpZTksGSGvk200r5PKi3stxcb73ZXF7ZWG+tbb6xfPeeZWgGOW1JJ9YCDFBxJwjXXym8MTPWXyGLVLqNExYXwpJENPgu3TEwo4fsbie0u2TLY5ZAkS0FbEksjw+rnfXYKDa6Tj1apqdRm58JsDc9f3o6XkPSciEbM2sJbxaQKDeKAokNafx4rI5T7B6r\/myV2gwsY93jrVLHNNQuiu+r+M3NvePsMJ8re\/P5Entz1pZnpyPPzjYGWEIkrYJgAUSjmQm2JaWtrAsGyjyJ40iSCcRtSf1AH86Ym17gzRFqQTTeEs9X4ijRzHu1H8VBz3vPdXTmElnKhBlDqqJJI1FsUyyFCXkqDIVqSYNsV6Fsixm+M9dhWnTKi7hX4lJiuC6kPjhJK6UNeIcvhYdT5\/\/5p797\/8P\/\/eqvvv7sy7MP\/xabjQRt7X6Xwkc8\/fjPzv7kKxhaPT0jY5FpLhGCSvvgpZ7+4oMnX\/x1nZumP\/n14\/PHP1ctr0tqQdm04tmff\/q7738q6zLea7VVsGYqx+ksN3ymz2gjwFgx2a6hp\/O\/+4zwkaDjMjscMtTzf\/+n87\/\/QJlMMlM\/f\/w\/5z\/770uGghjfoqqNEk43lcb01hb7eY6\/nzpNlJ9KFcdEUlBQOZZmiMlN"} 02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184956858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184956858,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EgAAPgGoGISQGcewKgCfgBQjxzkQ3h3jUA08oAQAIMNwgAAAQEICkYs\/7WcUadKZmJ1Q4tNW7+zm3LzilKTMs7o+j0bU4bevfG98VcexwRoqg0MK4kroCFJI0vkItJ0sWhKhqw+9VVqDQxktos+tw4JRGmcHh\/FKDlLh6zdkg3MQ\/lsHnZqw9K8bpKO655k6IwFAFfkDIJOJsdMB+TwhRR+SOFiIw+5j\/JW34gGnNHirK\/zZi\/hc4QwIcK2rxzXZ7rsKwq47b\/gBNM4MIbxBQADwYMZQnsmuVNzekN4FKQkhHHGTTWkH\/wjQGDyySIj8Jzph54pd5aM+OhhOvR5PcMjO93tjhYc9KM4buIZr3AxnxM3iOqL5Y3DNOtFZMTe0kqYCIlor5EOmzY1\/QgcEzRxv4\/lxU4YCiiS+0\/ddMRHjjkiUXhuhD7QYUQQTZCQrhPijw50JVjw3pUlzCIsuoRiKmcNsq2sVpURgyb28KvUizskeSI14ZCZ1RGfnHTHy1yPRsG0Pt5Ma8nqKdONtNWUPEMbKU4qooS4ZVgy4ydRUqGcD3t5XLzKk6xQksEKLZeRc4zABSD22VISyrxIGnnot0UQF1jM0L5wq+PXoJypbcccDHIPqtdae6MvXKZyFZZ2Af1r5SARK
k8jHFMScw1ZklPh5TmRIMY25u7JI8Kf0InpWIggg\/dCNXQ9mbCzi9IVFwQ4Bcza9Gx560XkmFinHDZS4kv+q6dM6HPsExiSjjM+3qTzEyp6QYtbZYue7chnn411pGZv4KwRjPOakaMAbYLhhCPstBZrv27XKHfgDg3UdMswyDmbrdhNZpK2+\/bwcJCkmrX3nBdsQ2VeuZ\/YA4u3j0cd1g9errygLeJTAN\/nCWDbbXhdHGF4z7CdykwDxiJacPDxG9YuwukG8499nzt4zVg40U\/jMp1lunPB3JJQoS5Bp6kxA9vvK2Fg2I3BaQrLU2XnWALaTVI1pGgZ30OUAvDFCxhKEFX\/Q9eQ1hjjNWxpFqXih\/EZbZu2sX9wk7UWkXlhwRGjhZFb93t26v1JRJhHdI1nd+wyJYqGt5\/UP4S9xI3VTwDw+41F2Yi29WTvXG\/pYAGqMGJVprBGfV8dw\/pIGjYrc8JqDjc8iMynFaFgS9VWRno\/kEa8ex8E0lXW6KSRO+38U5BEcAQa2ZmiPJVOSufJn2mHFnNtaFnQ00UpNEKFlWmg1g+m2HMDI6hkKoxWNNVaXHB7BeI37bfq0DKy4008moSOwx9MywU31umt9bQZaqMjpRF3V4DnOWXRFCtBzASqMlEpsEloiva6ZYQbYAWkcMxY5ybRoJiWx9mUKg4GcOghBqQMpMlaJSVXeGZFKl2Sb1+XUUdSwGZgyfEfyo4raVkpT+wyQpPZHBqAgGOncYulA1GZOsA\/94GmmxzjZCbCN9kynAgWzvYDvij7PUFZtMjkAvBACnPBNn3iaPQjTawbAkTcC1yfhv1ofpKiE5U2LdirARat2rkhdX\/4rJG+DaIEorg08ZpEvVnDkzmskUSlB9W+vjp\/V+aS5lkVM3k7zhoEnC+refT73qPAiB+97ySNdyAd\/Q7kYXug5+OANwWHp1LJTg\/kTpM0hWrac+UY7fWgQ8CbScQvQ7jNvfkeBpNC3rXL87XiJvZKnnKxFCuxFmcRnJQ7BpentFWts0H4Lec1Vh6Ie1JUOsAGqbQKPj08\/Fb+sNPHqQaGAhUMQMv5qLjVGC16+Ay768Xh4QOfbVnp2QvxXOq+J6pefxmdaleLIJA69iWkMygEnv\/UiI8ax5fku6tnS6jfWz1JxgQ4MCgzJju8Y+AntdNCizMmrc96qjo8fELIC6aln6uHdf6ze3P9\/l8K0Imh63d3YWSKHvLgvoT29bJdkoNvyjOuueHNZ1szJTEa6iq1dzn+UBN2G\/xCnDeBIWRhg1e0rq+0LEgtBi8qgQyMbqwUz1KCNzlpSIzr13Jt"} 
@@ -1165,7 +1165,7 @@ 02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184973564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184973564,"pkt":"nLbQ0+MztKXvZygQCABFAAXIKLQAAPgGV\/cSQGcewKgCfgBQjy5+eJ1f0XpgIYAYAIMAzwAAAQEICvuAHVOcUadRJQJEMyhfWzk4c69t8VudXr6pn+znDQ0VEhQPPcyGS61d5+1zHyZ4kw8InhkhW68pyvvrnzX5t\/H39maFxWc2r\/jFxwq\/hEVoXAiKHiLMU4\/KyHs5sV1wD559f9zcFztWUj0ihMMgtggEDfMxXUM9dFGV6JcgarAA5KIX8Rhx4KKjXR5FenSf6ir4Wu45nkDFW59zYej9BmKhpdMb8rY8eNPnAfGmIQzij55nkq\/uWJQgPv88G0x6gqY4XOyV9k8a+qsSfYKU5lLVQEUHepnWRDQfUc+335Q9qXuFH7f+8ng\/aQrf84kI7WaO+SnxnLQouz0Cv9v8f3lE+4owCfP1Cz8OEYnQkhXEehYZgVia7bxcHiv6v4xaanozJ5rmOorquwr9GrpFyxLzcpsLlUqzK+KacyS7QwJS\/Ky0\/PTcIlt8ZLwU7TL\/\/o1pr2hLdfT095T4mmP+2+1ddHU48Byxr3aLa3WT\/jG\/C3X6ePA0eanW9XpA7VJvL\/6JmLlix5z9hSS3OqzNKQTjBUM3s7KkvCOkhFHfw0EXJwWgoKSWmSsy5BrLZEfkM0FV7a+ikWpLo3uxdOw31fp7dfTjbB4kd6HRjhDkihmhg3Fxj9HXloHyHwvckfdTCsRiouxlgct7lNCoCgpUmfTu6Yyx7kf\/6aih8KzpyyqkP02jZkyX6OCTx82lz89o7u9CyGfsWhKD\/7BBbiMdXaKK4TysUCFlwE9GGF2seEuicF8r6CTuiOZsrl8ro7A0wal1282SC8UewlAVeiOv42DSkeq4dNBmW50TVjG35t+WUxNn4Q3p5nPJnsGwNKxtQn\/XWWm1U5Gt7+GDvLGqhGlz\/Ki8pfJccVYEawTw7SCN4wp\/3ocQ6vkT4Dpx9fSRTemmYi6pENOZS6VuARnHqwYSWl4t6yJoHK9sCfi9ST8HVXbqDXWFZ2q3BJnFLL2KjKRKEQ6cwz09MaWHVSAOYMFLPRa1P4jAx3PdtEcA6Suw\/o0nBxQpA1VcK\/L5h29Se6TnnwGGwNCLWwcEJVFxaxhV\/90VokUL7AtF\/O2q\/1vhOGyiX6EkZzZs6nexDcqCRxLporgd6yB4OIQ\/K5UvGbYe6+Sm7lH6OGAMK4UMwjkq9mCtaTHr7mvhnhxRuW7uj2lidYSV8hOTyPermC3rpaeQy2urqLgBbyapxA5Pobg8dWmnSefHpRew8i1Lo7xZJ2SpCdkX1yUKisC8EMEhExSgxRoJO6lJwnDpHM5WJ36k3Ry+3q9OcgN6NLQRO5pRs8nhTf4nqy7lt5uTY1pqNSduEscx56wTi21bJStBpnuJ8UvGJx\/R+YeP8QzcFQlKJycJlPLg6eX96ULPBZxzLMetvK3n66CoeI4YwUg4QxFhrIktxxA1moIwNkkn
6SE2PJvny3Cxi6Q7lkUmD0rurnBMt9ApEb3z5XFrSDnmX6QwTGHURMLAjPSQ1rzsHHaLMjENdwshfdWaIsx0\/C+jJ4udEOtxA9Fm0BuIFf8jWdfxwPFpB7wf1zLIyaPgXgtem4PL4uFnUr\/LL8Mi6yuMoLm28awieMUxVDrx8BpEilb9smuibdWhYybgbrhRDSVz2VcvfeF7S52u5dohgrnorV7VIGu4Fbfjcdt5eZr90iPKqeLRmae8arWdU6pk0+036XKkyixVdtPL96eMfve4A6Zh9TvzUvY2yZhS+fWayDF170ogtacHtunN1Y8fbumfzzXBlbMPAxKwloCcANStnnowf0vhV+lwOAC5eJ0wwfBbE\/fZdlz+fa+lDBSbIFzwquAzceoahA\/CkYEf4Il0qBgoQR8xij74ARiwygmvlhBcVhebT1T8Wht+RIpph7wDNRWhIpJICJTvhB4xG3THeUUikIIY59QcKEF+mfeRHq7zWxIrV0MxaCgpfmHu"} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1654385184982489,"pkt":"tKXvZygQnLbQ0+MzCABFAAE6JG9AAEAG2MrAqAJ+EkBnHo80AFAYADoNP4BZp4AYAfY9sQAAAQEICpxRp3YAJw3ER0VUIC9ydi9lbmR2NC5odG1sP21vZj0xJmVjX2lkPTQmbW9mX3VpZD05MTE5OSZuX2ltcD0xJnVuaXRfaWQ9ODg4MSZzZGtfdmVyc2lvbj1tYWxfOC43LjQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IGh5YmlyZC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAXIXwoAAPgGIaESQGcewKgCfgBQjzQ\/gHc7GAA7E4AYAINkpwAAAQEICgAnDeicUad2RWsIZamOljqm7gSNKAkXQCu+hVDQvHNR9FYzcLa6bcMwfHz8+6Ohpq2yX4VCM8MnePOCbl7QzQu6eUE3L+jmBd28oJsXdPPvCN38HeCm8Yfm\/kvPR3Dz+vd\/+5\/+qz\/+F\/\/73\/yP\/8vf\/ov\/+v\/+3\/7l3\/xn\/\/nP6n\/VjBMyedbYcXZ\/o\/OF7mdeh9Hhr\/RfIfMv43vvKuRdCur\/FFM9E59fEn2SOA2NKnl1bdNivqb2mOXNXHq1\/YMX1\/Ovvr+Ls8avbLeJu\/n+XUe8voOwYRiE416SRHkHbuH3JI7AK5hcYzixRhEYhd8jOEmi6zWCkdiKXBEYCfi+gog\/Et\/23iV5mL96vr5z8qbJ03dVHEbNXOMfCP\/4uyrDZ\/hnarl7h38mQu9N1tzbJ+HHYOnfwgd4YKemZxmEk6Yfkz3lh\/aJu5CbeloHFbHt+TJXIpxmxZgsZHiRMOZFvKzyDdgT70P7AneujlPtVyx1Ci8u7Wd7MtsuMwhfTyvOMfV9uKfpBVoFiWcijlTzRwo97G1lTY77npOvQt2eMaaQrdoht73lsx1+nZwlg+BlIhnXXbgLsHWy5C\/CTrdrpvOys4hB5bmgib5vMJLqdEuhL1RVueIWhr1W24corWULSQqDfGNsr1HdHI4FJV+WwuEwhjFLFwqL5Xy27akNzx1XpbTfbywRws5chR\/VzSRUHZ82JFfLUbM21UlmqXQlB5CS01wcLs0xrplUXKuatlxW\/JnKqnFYcvIJ+HnXlDQp0jzZWW7b+IreDkRwtvod2OSadqez+8PJQr11ODo3W9Sq9lB21UYv1nbZnPkKxY3GO2VJgKi3y86OY2lDWQkA3y1giPPL0I8WU8XJRBa7HXzc3Kr4uITR5JDT0WTaYXbC9v5VWfTptvCOnVLv18ciGZlm2dHCfrfBJ8PAq77hGFHEh2RHh+SoYiYL45XZJMJ1SZZMbDASfdSvphUfow01aDWyqsWVpJirq1bhq16jM844FVx6sRj6QlADNWTuRMUGtyRUymqEmNkJt0Yb1N1graqbbda1j4vrOEyE7tb2An3aY8uYGHAX8\/rsNN6gbsLJaXGuswDrrwixB2A37Y+RJEMuQhm9tVPq3bKPTkuFNlJk4shWDhxGJ4gRxe1aHQH+OdOeb5ZAybp4QOtbdJVZhbI7fRHTpmi3Db68nJpjZBHlst+pE6dd\/auVOTRGjFYfMxlXYZeV5CtjfADQStuORhXR14nj+JExkEESLQhVIgsxAsrbUusYDOsmiIS0OxhmECNGsnePTqNm9Ybk0jiCIUUMk0Q6bo9XikfzcXHRxBU2KhFA7wFnV9mu0s+4T+Cmvs31pVGdu01zTdMqOQbatST8XeSiGb9xLLVobbjVxgASHcVY6Z0cEk1Zw70WhNMSziSBuv
Et6nPBEkkYPUs89VCHjedyHoevTwhpwRtTvVC9cjscTpkEl70Q5ZcEM0iBVlOrZshoxaxTCyVqkcFaQaTJND7qiruC9vSgHxhROJty2frJRGcUkW\/T8bzArQu62Aj8pZfq5WnpurUmhYNXBBstPB0HdLEt67HP9CUNcHaVL\/py5Tv+IiqnHSGMtLAtT2aEyysT7VlU2B1c0UynpCL4dONoCBQZiWBCCob59IQIU9r6hD5FW92974pfH398cuCh13wO5v+Bzpq+x4zOk7NmVkyoZTPht8XqNPclVgd+dr30ls5urO+xrXKEf+KEQVxrl2X5Oea+B7dP8f2vfeAhlpy7jKenuJahub4U2SPWInq+hVn3Kp7Xjnw5Mt72ttIa3qJmWSX5OaelWMO1q4cTtae5TXSrzL1EZlCA5nHYN3tCgikSvSDqTjQq48xf4eq4x89aD51T5RZZJ\/zYX3eIruVriHTZcy9vlhIyXU6UT8Gkvj5OMbHU"} 04527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAtcXwsAAPgGHAwSQGcewKgCfgBQjzQ\/gHzPGAA7E4AYAINH0wAAAQEICgAnDeicUad24XFtV7Rg10duU4UTlxkMf+4hbiOeKWSTGwnHrK\/bcVHDmrmHVT1QbFoe9jUro5dI5TdYvpHS0y1rjoh+0U3zcCtX9rblxRoi5FhuCbqzSJTCJ\/SCO4zZZSPYNE6w5HSVgAaV0y2oWClZOTWZhlvMk\/XLRpM2IbCWurCzT+9+nnf\/OWUMYJ35yVcMM8b6\/R\/\/1f\/5x\/\/+v\/rM8TWeCOPgXR\/Wn9HNbJqvANEK619BcRX6k+IzZvpCAIbt5MNPYdScnyfOCY1\/TyD1rf7duf9o+anpe+Lk86r6HoqW4GHx6Znn1+7nR8VPBz8nS9L5cAeE+tP9z7LkZg6+ssfPLHPhW3ltM+PZT5K8\/\/msfZakyRs7mbt7Xv7\/5l\/\/85\/obM72VPyqzrNvqjRrU2d+wff86N\/86\/\/y1dOAvpLFbex7cuAdHr+ancs7IF7TArMobu\/azMv7LMnv2ZI\/Gupcy2kBmgQdfr79Efcrp\/mm7gDzHc7PmZXzYaydhcl9sn\/Bdl7f8evdzu42\/KM6\/2CPyGFz2XrOAlzQ68abCb\/NI1L4Z494f\/7\/wYeXvY12b\/v45AFpVjEKiukvMgW7N34KJ1mHT5uII8wicQAf7cIJq5oahpZLfYWtbiLN8Nh5vTFcczsoLYRSQOpr5+wJefBB0Bcjqs8OVij5zI4Q8US3kT6+pov1ZlWX1ZbBLAo\/CWVvJs7o7OLKwNZicOUC1akI83ha4yIZMssUw8P1miwuy6UgRf4eU5Z4nB6XmLKp3MOmhnDsUnscvDaHlhO5ju5pELGc1S1KGIjCWSnZkCldR8tC3DNDZhx2FKPl6Ci6COlwEwia\/ctaSG\/KNTGIWOI6zxgGatnGGthaTk1Dl52EoUGrXjVsYFdBMq6zs3e4rH0Kz4xNdXR5
SSjlJSGkp+XAetsK67orj5IjKZ9wGSH8hV8441VbQeRVqYj9GmcyBGz12el6BMEvIWJjscDyTLrh3gbg\/hA7bG\/IFWoEHieVcL0Fga3fQZtUIvBGrA4DAHWEdWYmHNmovkcclhbSpgp39QFulyfMoKwtehAkztJTKuJ6VmqPjURtjSFB1eFWH1Yc7LQ6dAu7tRLspVXE29p+fTlt3DU5BIU4qVWEQhjVxOQJJno\/tO47JaUb5kHb4cxZFH\/xjOAXlxRYQ3maguAXxIPDq5+U3s2e6xvHBz+qA9znj+qA0r3OzF78\/m\/\/m3\/x5GWK3\/9f\/8f\/9On2j\/\/DZ+rf\/K\/\/8y+4ISevvLvD+vmDL13\/qNtPXbbJM1cS1\/MvdrRzDv0vjv8pQXvOIP9JD\/cE7a+oLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwna3zq1eknQnu9fUpheUpheUpheUpheUpheUpheUpj+Q0th+u1o6CVB+wXdvKCbF3Tzgm5e0M0LunlBN\/8+oJu\/A9z8u0vQrpCfFX85I7tCnPBbGSm\/lk30zbTs9WqNEysUXZM4hpMYDijwEhBJBF+uEHC\/esnKvn9esrJfsrJfsrJfsrJfsrK\/dtYvWdkvWdn\/qKzsr2DFb8iy\/jbI+v87\/boZGvre\/q+mYD9X+y2Z2M+J2D+hfcm9nhP5\/pG515+TmJ\/6\/\/ct9fpHOdZMY39Dhb8G6D\/nW\/8jnNtLgvVLgvV\/PAnWP1o8\/7C\/j\/GrCdn3b9X++rjgVxOy5zr\/lhOyP3X5907ILoBTEbN4znv+kQ+d\/VichUew\/T3fvn\/\/\/udb4HMLzxvoT2hNXDD+vDu9qpsx8R\/BjlUk9vhhnsjPvM9fbh60mXtP2067WZA3b3\/43ScSuJ+\/Jh1o\/589f\/f5q7983TbBO\/IvX383f1X7D26e5NWHfwLD8Hfzt4KHVQ4c8Yd\/EgTBd\/P3kwdgm3k3fgA95Uny3bved25AP7N3flfHk\/\/O9q5t3XxAYPiffvcurb\/95OP9S+H\/7Ie8bRKwU3yAf7mheXxfntrFuygOo2R+sfDuSdIqdOw38MP939t7ww\/zd6D\/EIBt6F1gp3ECpLWz+l3tV3HwcX72AGbrwUsevObB8x7a5CFPHpL4IUIeIvQhWj5E2EOEP0Srh6LyH9zc8x+CvEofgthPPDBjD4kfAgt5iLOibR5mie3Ktx+KByfJ3VvZ5o3\/0EQPjfcQVQ9Pm9mDXTWxm\/gPdh2D5jwf7JBJDVoMXbuY9TLfttXcEahdPcxoZb7Ms188AHtsHzK7e6j9uxJ\/SO0qjDMwbYXtzab0Af74JEztJ4Dls0xPkzBP59O0NzPI+eFpHczTl9hF7X\/4dPPd8wNgk+5To59HDLbN52qAajtO9WADA8jG9DP1u3tXwLZiO5u1VqV28tHzkx\/uGvXAsqruh4EfZoW\/ayIwsDD6CMSv\/Lp++DQLbtw8z7gXZA9+Os8jaPN5HLPhPzf91F3vz4bwAYfhj0CFbfLDvEY\/82X+x0\/tNtGTHDawHCCCHzQfv9L2zybrqx7KD44P7MB\/KD\/YAVDSD89\/3+DDn\/7px7p1Huq2+FETBP5Pv7sPNXpqAegqr+P7DFR+Ys8I8zuwnIBV2MmzWDMImat8nFtq8uLDu\/e4n85t\/\/D0Qg0Q0Jlif4jmpfjV1IKF6lf3FuKsfrC\/en6fktcP8aOXuy0wqua9C4yk8dnEn0tvXt9n7vXb7+LgzWeW0G+en9f0eLRD2U79N3c4\/frtX8B\/9d4uCrAYmChOvDfx24f4\/b0RPfL95u2PC++fMbb313\/95id0t67nt6yPzdvv\/KT2XzXV+EP8\/v4HGua
3lI8N0GLjRm\/8t5\/IT+wfP755+\/DZr8UP4Plnxzf7vNnP+Y\/VPAB69mHApJlkPuHSwBJ58\/Z9H3tN9B2Owd\/7UP0nf\/LGfwT3f1a\/\/e7JQfoQAn9XPQn6ftarDtT62CxeF8Prh\/R95aeP8f3\/5uNcASxxUP40aw\/Vo\/258Dx9Dzmgla1fjfp9lebVmz9NgSP4iwzM6OPrLvb7+57zV3\/69iH5VdYg8YcYTOWdtX6EHzzwkz4CMZ8fgCn+Unj84eNdo\/nTlLiP+TwlVNNUMXBOQJfPdvz67fv0PtFQDDaN2E7+8l0NjNN\/fPMXf+n95fu\/WryF3n7ngomatziwc3BgH2veuH+B\/NUsxJ0kAiNCIO\/t2493TYJOk6dOo8fklzqdRYueuIrH6CsRvKL6sQAPwRee1B7itE2\/4vmuAEI+S\/QkZHEX8idyAznrt++bnIsH33uDvn0Lmv55teC3VPv4EQzgd8CAfuc9jaJ9BPYNvHUc2kBx8\/owQWgFrPKT3HbmVXnsQeF9ufwaZ3z\/Qy4z49sHZzYvv4tdXwF9J9q8pL\/zHhEIyNz++fL7RweI\/7v6r\/8a3NZv\/3z5Af1CQu8k9APyAXk7iwvM+ifKuAdqYBZfP9RvH36XvwUsb2Zr\/Zl7mE3w9du3P6s82+Trhy\/2+\/Yh\/xnHJ10\/vH5W67NhvV54i9cPr571+DMiYP2K2Nbz9gQosyN5zHLQV\/U+iKv60xq7u6G336D9xE3lT57mrq3w62ECdADMMvxZlQf7fV+B7elN+MU3gcl8D7YwtgP1JLD1+ID+BqDJeQd4\/cU3vf0BbP12dYxTHyCeN9nbh+wRzNCncvOwhAF0efgdMtvD1+3NgLKO8v5HLQJf578vZmMBTB7Q8m\/o4LkHoI20SPzGf\/34CMYOhu6N+hxf\/7n9fgZHP\/d4CPpn9d3pfbC\/IdvmsJ\/fwcw0gGp97yej\/jsafJIHuGLgTuclHN\/\/r+\/ONQCTGGmz"} 00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1654385185015695,"pkt":"nLbQ0+MztKXvZygQCABFAAEvXw0AAPgGJjcSQGcewKgCfgBQjzQ\/gIf3GAA7E4AYAIPMaQAAAQEICgAnDeicUad2d33ytWgxPP549E8++kcL03\/7Z00U1zPvd5U\/\/8YR2M0q4PPBMJux8PPglf8nf+J\/WlmA7T+B3oKJaxaPsyxAjo+gp2JAZ5f+d\/QE\/X16KoYvHYEq954+vunj+e3Gw9PlfRI7wGV\/Kcwu++3HT+gdRAlPuP4TwL+\/wXgPgV3QrzI7kWKnsqsRSgE4+UMeBH71hw57f63nFza\/qSLL\/OFoiNQfOuTbteZRPb6e0QR0tTv7ifp0lPj6fqAJqv05gqzIACaWCLm2CQJ3YQLH5hDxubHvodkW5lBnhujgmuZOB8zInqMh0Ahg+Dnl\/wXDsfHrS4oAAA0KMA0KDQo="} 
@@ -1173,36 +1173,36 @@ 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1654385185942149,"pkt":"nLbQ0+MztKXvZygQCABFAADeE\/tAACoG6inKmcQ1wKgCfgBQ5Yg8Z0+pmkmYKYAYAPN5zQAAAQEICkyTX6y9cmj1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1679,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229374771,"pkt":"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"} -01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
+01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229374794,"pkt":"tKXvZygQnLbQ0+MzCABFAABIbklAAEAGI3LAqAJ+NB2xsZDsAFBe8KOySC8RAoAYAfapLwAAAQEICgB7lmPzZF3LaGliaWQ9MCZvZm49MjUzNjQwJnI="} 
-01206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1680,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} +01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1680,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"thread_ts_usec":1654385229375778,"pkt":"tKXvZygQnLbQ0+MzCABFAAUg7FZAAEAGNrLAqAJ+I5wsDaY6AFDzNa5LO3\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"} 
-02240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","http": {"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D"
,"code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +02271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": 
{"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1654385229376461,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\/QAAAQEICgB7lmTzZF3LZXFkc3BzPTUyJTJDNzElMkM1NyUyQzY2JTJDNjMlMkM0NSUyQzU4JTJDMiUyQzY4JTJDNTUlMkM3MCUyQzI4JTJDNDYlMkM2OSUyQzYyJTJDNjUlMkM1MSUyQzYxJTJDNDMlMkM1OSUyQzE1JTJDOSUyQzcyJTJDNTMlMkM2NyZyZmVjcG09MCZyZXNwdD0xJnNpcD0xNzIuMzEuMS4yMzImb3J0ZD0yJmJkbj1jb20uc2NlbmV3YXkua2Fua2FuLm1hcmtldDMma2V5PXBsYXkmcmF0ZT0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGFkeC10ay5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01141{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} +01174{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229377895,"pkt":"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"} 
-00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Android 11"}}} +01006{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": 
{"detected_os":"Android 11"}}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229377922,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="} -01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1684,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377922,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Android 11"}}} 
+01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1684,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377922,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_usec":1654385229378645,"pkt":"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"} -02235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1654385229379534,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} +01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229398934,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1654385229399980,"pkt":"nLbQ0+MztKXvZygQCABFAACbqYhAAPUGMt80HbGxwKgCfgBQkOxILxECXvClqIAYAIBoGAAAAQEICvNkXe4Ae5ZkSFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-01020{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1688,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":103,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":103,"midstream":1,"thread_ts_usec":1654385229399980,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} +01053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1688,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":103,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":103,"midstream":1,"thread_ts_usec":1654385229399980,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229406775,"pkt":"nLbQ0+MztKXvZygQCABFAADQbSRAAPUGBTQjnCwNwKgCfgBQpkaCxYqTe31v0oAYAHWAFwAAAQEICg9XxG0ZZxH8SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} -01017{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385229406775,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} +01048{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385229406775,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} 01028{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":419,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":419,"pkt_l4_len":385,"thread_ts_usec":1654385229413001,"pkt":"nLbQ0+MztKXvZygQCABFAAGVuYkAAPgG40ASQE8ywKgCfgBQo9QvB\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"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":1654385229450708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEFBAAEAG14XAqAJ+Eul7N9YaAFDjQWT+MbgksIAYAfZTFQAAAQEICs\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"} 
-01413{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01454{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1692,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":760,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":760,"pkt_l4_len":726,"thread_ts_usec":1654385229460595,"pkt":"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\/cGxheWhlYWQ9W0NPTlRFTlRQTEFZSEVBRF0mc3I9MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBhZGV4cC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01674{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01705{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1654385229557713,"pkt":"nLbQ0+MztKXvZygQCABFAAB\/zr9AAC0GLXMS6Xs3wKgCfgBQ1hoxuCSw40FmpoAYAecIEgAAAQEICrt1\/CbP5BhvSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":5,"flow_src_last_pkt_time":1654385229559611,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229559611,"pkt":"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"} 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1654385229568829,"pkt":"nLbQ0+MztKXvZygQCABFAADfGY1AAC4GkHES68wJwKgCfgBQnQxmD0SBkRmqKoAYAeR\/LQAAAQEICptIXBKljVtLSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNzowOSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KDQqJUE5HDQoaCgAAAA1JSERSAAAAAQAAAAEIBgAAAB8VxIkAAAANSURBVHjaY2T4\/78eAAWEAn\/CWx4qAAAAAElFTkSuQmCC"} 
@@ -1211,26 +1211,26 @@ 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":5,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_usec":1654385231918113,"pkt":"tKXvZygQnLbQ0+MzCABFAACf7FpAAEAGOy\/AqAJ+I5wsDaY6AFDzNbjrO3\/xc4AYAfUTYQAAAQEIChlnG+cPV8RmLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogZGUwMS5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_usec":1654385232006384,"pkt":"tKXvZygQnLbQ0+MzCABFAAJjZ+1AAEAGUBrAqAJ+rNkQjtCoAFBWAxSGMjrpcIAYAfaC4wAAAQEICuWLG17z\/UGOR0VUIC9zdG9yZS9hcHBzL2RldGFpbHM\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"} -01662{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","http": 
{"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01692{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": 
{"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\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\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","http": 
{"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": 
{"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_usec":1654385232057407,"pkt":"nLbQ0+MztKXvZygQCABFAALQp5AAAHsGFQqs2RCOwKgCfgBQ0KgyOulwVgMWtYAYAQXuwwAAAQEICvP9QcDlixteSFRUUC8xLjEgMzAxIE1vdmVkIFBlcm1hbmVudGx5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2JpbmFyeQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtYXgtYWdlPTAsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KRXhwaXJlczogTW9uLCAwMSBKYW4gMTk5MCAwMDowMDowMCBHTVQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MTIgR01UDQpMb2NhdGlvbjogaHR0cHM6Ly9wbGF5Lmdvb2dsZS5jb20vc3RvcmUvYXBwcy9kZXRhaWxzP2lkPWNvbS5hemFybGl2ZS5hbmRyb2lkJnJlZmVycmVyPWFkanVzdF9leHRlcm5hbF9jbGlja19pZCUzRHYuMl9nLjE0Mzg0NV9hLmY4NGY1NGJmLTMxY2QtNDNmZi1iZDI3LTUyNmNjYz
Y0NTdkYV9jLjExN190LnVhX3UuZTdkZjg3MjQ3Y2JjZWExMyUyNnV0bV9jYW1wYWlnbiUzRFRlc3QlMkJDYW1wYWlnbiUyNnV0bV9jb250ZW50JTNEVGVzdCUyQlNvdXJjZSUyQkFwcF8xMjM0NTY3ODklMjZ1dG1fc291cmNlJTNETGlmdG9mZiUyNnV0bV90ZXJtJTNEVGVzdCUyQkNyZWF0aXZlDQpTZXJ2ZXI6IEVTRg0KQ29udGVudC1MZW5ndGg6IDANClgtWFNTLVByb3RlY3Rpb246IDANClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KDQo="} 01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232085154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385232085154,"pkt":"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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1707,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1707,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"thread_ts_usec":1654385232158874,"pkt":"tKXvZygQnLbQ0+MzCABFAAElDRhAAEAG8E3AqAJ+CNFwdopiAFAUf4ZSerS+DlAYAfY9hQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDIxOTkNCkhvc3Q6IGFuYWx5dGljcy5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQXBhY2hlLUh0dHBDbGllbnQvVU5BVkFJTEFCTEUgKGphdmEgMS40KQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -01157{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1707,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 
1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1707,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 02470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232158923,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_usec":1654385232158923,"pkt":"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"} 
-01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1708,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158923,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1697,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158923,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
+01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1708,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158923,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1697,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158923,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1709,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_src_last_pkt_time":1654385232158927,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1654385232158927,"pkt":"tKXvZygQnLbQ0+MzCABFAAA4DRpAAEAG8TjAqAJ+CNFwdopiAFAUf4zzerS+DlAYAfY8mAAAM0RzdGF0dXNDb2RlJTI1Mg=="} 
01528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":4,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":793,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":793,"pkt_l4_len":759,"thread_ts_usec":1654385232159668,"pkt":"tKXvZygQnLbQ0+MzCABFAAMLDRtAAEAG7mTAqAJ+CNFwdopiAFAUf40DerS+DlAYAfY\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"} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1711,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":5,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1654385232180473,"pkt":"nLbQ0+MztKXvZygQCABFAACAzbBAADcGOVoI0XB2wKgCfgBQimJ6tL4OFH+P5lAYAEdekwAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MTIgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1711,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385232180473,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":204,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} +01206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1711,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385232180473,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":204,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 01792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1716,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385232085154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385234215020,"pkt":"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\/dmFzdF9lbD0yIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 01358{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":4,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385234239203,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5RAAPUGSvIDer5GwKgCfgBQgRKT0VmtkWAGsYAYAHiq\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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1718,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1295,"pkt_l4_len":1261,"thread_ts_usec":1654385235892637,"pkt":"tKXvZygQnLbQ0+MzCABFAAUBYktAAEAGrwXAqAJ+EkBPQMnmAFARWCNCXMPM5oAYAfYpmgAAAQEICr8GCEOu2uHSR0VUIC9vcGVuYXBpL2FkL3YzP2FwcF9pZD0zMjQ1NiZ1bml0X2lkPTg4ODEmc2lnbj0zYzI4ZGVkMDRlMGY0MDkwMjI5OTY4NjE4MjQ0YjU4MyZyZXFfdHlwZT0zJmFkX251bT0yMCZ0bnVtPTEmb25seV9pbXByZXNzaW9uPTEmcGluZ19tb2RlPTEmdHRjX2lkcz0lNUIlNUQmZGlzcGxheV9jaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmV4Y2x1ZGVfaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmFkX3NvdXJjZV9pZD0xJnNlc3Npb25faWQ9NjI5YmVhMjBhNGU1NDEwMDAxMGYwMWM4JmFkX3R5cGU9OTQmb2Zmc2V0PTAmY2hhbm5lbD0mcGxhdGZvcm09MSZvc192ZXJzaW9uPTExJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZhcHBfdmVyc2lvbl9jb2RlPTE0NiZvcmllbnRhdGlvbj0xJm1vZGVsPXNka19ncGhvbmVfeDg2JmJyYW5kPWdvb2dsZSZnYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJ
jZjBjMjUxZSZtbmM9Jm1jYz0mbmV0d29ya190eXBlPTkmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyQjAxJTNBMDAmdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTEwODB4MTc5NCZpc19jbGV2ZXI9MiZ2ZXJzaW9uX2ZsYWc9MSZjYWNoZTE9NjI0MCZjYWNoZTI9NTM2NSZwb3dlcl9yYXRlPTEwMCZjaGFyZ2luZz0wJnN1Yl9pcD0xMC4wLjIuMTYmZHZpPTRCenRZcnhCWUZRMyUyQkZRM1JVRTBEVVFRaVVsYmZBREFmbngzaVVWUEhaUnNScmZ1SG9SMVJVdjA2TiUzRCUzRCZhcGlfdmVyc2lvbj0xLjMgSFRUUC8xLjENCkNoYXJzZXQ6IFVURi04DQpIb3N0OiBuZXQucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -02161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +02191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": {"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385236487007,"pkt":"nLbQ0+MztKXvZygQCABFAAHm3ckAAPgGvqESQE9AwKgCfgBQyeZcw8zmEVgoD4AYAIbbsgAAAQEICq7a5CW\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"} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":8,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385145113565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":8192,"flow_src_tot_l4_payload_len":1183,"flow_dst_tot_l4_payload_len":18456,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":18,"flow_first_seen":1654385140794335,"flow_src_last_pkt_time":1654385144961102,"flow_dst_last_pkt_time":1654385145146412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":755,"flow_dst_max_l4_payload_len":7200,"flow_src_tot_l4_payload_len":1929,"flow_dst_tot_l4_payload_len":57537,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
@@ -1300,7 +1300,7 @@ 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com"}} 
-00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} +00823{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 
@@ -1309,9 +1309,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7221709 bytes -~~ total memory freed........: 7221709 bytes -~~ total allocations/frees...: 118676/118676 +~~ total memory allocated....: 7255220 bytes +~~ total memory freed........: 7255220 bytes +~~ total allocations/frees...: 118823/118823 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 11861 chars |