aboutsummaryrefslogtreecommitdiff
path: root/test/results/mongodb.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/mongodb.pcap.out')
-rw-r--r--test/results/mongodb.pcap.out46
1 files changed, 23 insertions, 23 deletions
diff --git a/test/results/mongodb.pcap.out b/test/results/mongodb.pcap.out
index 200f44a21..e5a4bceb1 100644
--- a/test/results/mongodb.pcap.out
+++ b/test/results/mongodb.pcap.out
@@ -1,44 +1,44 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mongodb.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1483459978959064}
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959064,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":3285032704,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959064,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
-00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":3285032704,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959080,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483459979210216,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"}
-00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1483459979301410,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":3285032704,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301410,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANBx\/QAA\/Bg+3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":3285032704,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301422,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAANBx\/QAA+BhC3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959064,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959080,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483459979210216,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1483459979301410,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301410,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANBx\/QAA\/Bg+3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301422,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAANBx\/QAA+BhC3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="}
00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459979301746,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1483558834969479}
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969479,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":3285032704,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969479,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
-00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":3285032704,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969493,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
-00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483558835050109,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1483558835130993,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":3285032704,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130993,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAANBMKQAA\/BmTQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="}
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":3285032704,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130999,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAANBMKQAA+BmXQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969479,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969493,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483558835050109,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1483558835130993,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130993,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAANBMKQAA\/BmTQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130999,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAANBMKQAA+BmXQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="}
00907{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1483726705497076}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705497076,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":3285032704,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483726705497076,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483726705499673,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"}
-00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1483726705503813,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":3285032704,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483726705503813,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="}
-00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":3285032704,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1483726705503964,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQIAbrdWQAA9BiO2CgoKDgoKCg\/wP2mJBNDEts\/TviiAGBAaBDcAAAEBCAoydcXkGQyESzoAAABMBAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAABMAAAAQaXNNYXN0ZXIAAQAAAAA="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483726705497076,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483726705499673,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1483726705503813,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483726705503813,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="}
+00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1483726705503964,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQIAbrdWQAA9BiO2CgoKDgoKCg\/wP2mJBNDEts\/TviiAGBAaBDcAAAEBCAoydcXkGQyESzoAAABMBAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAABMAAAAQaXNNYXN0ZXIAAQAAAAA="}
00907{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1483737232974198}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232974198,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":3285032704,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483737232974198,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483737232975899,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1483737232979140,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":3285032704,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483737232979140,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="}
-00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":3285032704,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":339,"pkt_l4_len":301,"thread_ts_usec":1483737232979308,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQABQQ0wQAA6BkpvCgoKEAoKChHInmmJ0eCpc+09z\/+AGBAaUdAAAAEBCAo+YNhYAY8GyA0BAAAAAAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAAOYAAAAQaXNNYXN0ZXIAAQAAAANjbGllbnQAywAAAANhcHBsaWNhdGlvbgAdAAAAAm5hbWUADgAAAE1vbmdvREIgU2hlbGwAAANkcml2ZXIAOgAAAAJuYW1lABgAAABNb25nb0RCIEludGVybmFsIENsaWVudAACdmVyc2lvbgAGAAAAMy40LjAAAANvcwBWAAAAAnR5cGUABwAAAERhcndpbgACbmFtZQAJAAAATWFjIE9TIFgAAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAcAAAAxNi4zLjAAAAAA"}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483737232974198,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483737232975899,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1483737232979140,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483737232979140,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="}
+00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":339,"pkt_l4_len":301,"thread_ts_usec":1483737232979308,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQABQQ0wQAA6BkpvCgoKEAoKChHInmmJ0eCpc+09z\/+AGBAaUdAAAAEBCAo+YNhYAY8GyA0BAAAAAAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAAOYAAAAQaXNNYXN0ZXIAAQAAAANjbGllbnQAywAAAANhcHBsaWNhdGlvbgAdAAAAAm5hbWUADgAAAE1vbmdvREIgU2hlbGwAAANkcml2ZXIAOgAAAAJuYW1lABgAAABNb25nb0RCIEludGVybmFsIENsaWVudAACdmVyc2lvbgAGAAAAMy40LjAAAANvcwBWAAAAAnR5cGUABwAAAERhcndpbgACbmFtZQAJAAAATWFjIE9TIFgAAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAcAAAAxNi4zLjAAAAAA"}
00909{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1483814916005019}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005019,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":3285032704,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005019,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
-00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":3285032704,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005036,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916098086,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483814916098086,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483814916098131,"pkt":"ABsXAAIwLGv11hfFgQABLAgARQAAPAAAQAA8Bn\/pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1483814916107669,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":3285032704,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483814916107669,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANJUmQAA\/BufKCgoKEgoKChP8NnUwNO8EZBGWgSuAEBAgGbQAAAEBCAoeHKgCUsc3tA=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005019,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005036,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916098086,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483814916098086,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483814916098131,"pkt":"ABsXAAIwLGv11hfFgQABLAgARQAAPAAAQAA8Bn\/pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1483814916107669,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483814916107669,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANJUmQAA\/BufKCgoKEgoKChP8NnUwNO8EZBGWgSuAEBAgGbQAAAEBCAoeHKgCUsc3tA=="}
01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
Powered by cgit, Themed by Ted Yin.