summaryrefslogtreecommitdiff
path: root/test/results/netflix.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/netflix.pcap.out')
-rw-r--r--test/results/netflix.pcap.out72
1 files changed, 36 insertions, 36 deletions
diff --git a/test/results/netflix.pcap.out b/test/results/netflix.pcap.out
index 7a6e75d1d..e24b582c7 100644
--- a/test/results/netflix.pcap.out
+++ b/test/results/netflix.pcap.out
@@ -48,8 +48,8 @@
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033259678,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033259678,"pkt":"gCqoTGHM5JjWH70UCABFAAA0m4FAAEAG5U7AqAEHNCDEJM99AbszkZRh0pqER4AQEBVneAAAAQEICh9kuYW2m8Wo"}
01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033261891,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033312558,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319033312558,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-01460{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":133,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319033506287,"flow_dst_last_pkt_time":1484319033504279,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5139,"midstream":0,"thread_ts_usec":1484319033506287,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":72,"flow_avg":38709.7,"flow_max":363670,"flow_stddev":80776.7,"c_to_s_min":137,"c_to_s_avg":34629.9,"c_to_s_max":310931,"c_to_s_stddev":70953.4,"s_to_c_min":72,"s_to_c_avg":43955.1,"s_to_c_max":363670,"s_to_c_stddev":91609.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":159.2,"c_to_s_max":422,"c_to_s_stddev":137.4,"s_to_c_min":66,"s_to_c_avg":433.6,"s_to_c_max":1514,"s_to_c_stddev":541.5}},"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-01198{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":134,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033498318,"flow_dst_last_pkt_time":1484319033554363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4381,"flow_dst_tot_l4_payload_len":7721,"midstream":0,"thread_ts_usec":1484319033554363,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":191,"flow_avg":35033.2,"flow_max":199917,"flow_stddev":46845.9,"c_to_s_min":191,"c_to_s_avg":32548.5,"c_to_s_max":141147,"c_to_s_stddev":43557.2,"s_to_c_min":234,"s_to_c_avg":37849.3,"s_to_c_max":199917,"s_to_c_stddev":50165.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":324.4,"c_to_s_max":1514,"c_to_s_stddev":464.0,"s_to_c_min":66,"s_to_c_avg":581.3,"s_to_c_max":1514,"s_to_c_stddev":619.4}}}
+01460{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":133,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319033506287,"flow_dst_last_pkt_time":1484319033504279,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5139,"midstream":0,"thread_ts_usec":1484319033506287,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":72,"flow_avg":39766.2,"flow_max":363670,"flow_stddev":81851.3,"c_to_s_min":137,"c_to_s_avg":36316.5,"c_to_s_max":310931,"c_to_s_stddev":72658.9,"s_to_c_min":72,"s_to_c_avg":43955.1,"s_to_c_max":363670,"s_to_c_stddev":91609.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":159.2,"c_to_s_max":422,"c_to_s_stddev":137.4,"s_to_c_min":66,"s_to_c_avg":433.6,"s_to_c_max":1514,"s_to_c_stddev":541.5}},"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+01198{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":134,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033498318,"flow_dst_last_pkt_time":1484319033554363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4381,"flow_dst_tot_l4_payload_len":7721,"midstream":0,"thread_ts_usec":1484319033554363,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":191,"flow_avg":34820.4,"flow_max":199917,"flow_stddev":47580.3,"c_to_s_min":191,"c_to_s_avg":31980.9,"c_to_s_max":141147,"c_to_s_stddev":44836.7,"s_to_c_min":234,"s_to_c_avg":37849.3,"s_to_c_max":199917,"s_to_c_stddev":50165.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":324.4,"c_to_s_max":1514,"c_to_s_stddev":464.0,"s_to_c_min":66,"s_to_c_avg":581.3,"s_to_c_max":1514,"s_to_c_stddev":619.4}}}
01731{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033498318,"flow_dst_last_pkt_time":1484319033554363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4381,"flow_dst_tot_l4_payload_len":7721,"midstream":0,"thread_ts_usec":1484319033554363,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033631945,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033631945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033631945,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319033631945,"pkt":"gCqoTGHM5JjWH70UCABFAABAVMpAAEAGIQjAqAEHNkXM8c9+AbvPvqpAAAAAALAC\/\/9MiwAAAgQFtAEDAwUBAQgKH2S67gAAAAAEAgAA"}
@@ -97,7 +97,7 @@
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035399304,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035399304,"pkt":"gCqoTGHM5JjWH70UCABFAAA0+2BAAEAGIdDAqAEHNFkni8+OAbvRf5R+2AMl5IAQEBW8GgAAAQEICh9kwZ2tiMk\/"}
01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035401110,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449894,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319035449894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-01200{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":306,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035720714,"flow_dst_last_pkt_time":1484319035719060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2402,"flow_dst_tot_l4_payload_len":12882,"midstream":0,"thread_ts_usec":1484319035720714,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":143,"flow_avg":40060.1,"flow_max":350146,"flow_stddev":76330.4,"c_to_s_min":222,"c_to_s_avg":40185.9,"c_to_s_max":350146,"c_to_s_stddev":83024.7,"s_to_c_min":143,"s_to_c_avg":39934.3,"s_to_c_max":291182,"s_to_c_stddev":68989.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":216.9,"c_to_s_max":1514,"c_to_s_stddev":368.1,"s_to_c_min":66,"s_to_c_avg":871.6,"s_to_c_max":1514,"s_to_c_stddev":667.3}}}
+01200{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":306,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035720714,"flow_dst_last_pkt_time":1484319035719060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2402,"flow_dst_tot_l4_payload_len":12882,"midstream":0,"thread_ts_usec":1484319035720714,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":143,"flow_avg":41275.9,"flow_max":350146,"flow_stddev":77246.2,"c_to_s_min":222,"c_to_s_avg":42706.9,"c_to_s_max":350146,"c_to_s_stddev":85152.5,"s_to_c_min":143,"s_to_c_avg":39934.3,"s_to_c_max":291182,"s_to_c_stddev":68989.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":216.9,"c_to_s_max":1514,"c_to_s_stddev":368.1,"s_to_c_min":66,"s_to_c_avg":871.6,"s_to_c_max":1514,"s_to_c_stddev":667.3}}}
01796{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035720714,"flow_dst_last_pkt_time":1484319035719060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2402,"flow_dst_tot_l4_payload_len":12882,"midstream":0,"thread_ts_usec":1484319035720714,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035889509,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319035889509,"pkt":"AQBef\/\/65JjWH70UCABFAACW0KMAAAERNwrAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036827113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036827113,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -112,8 +112,8 @@
01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036870445,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
01148{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036889708,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319036889708,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036894463,"flow_dst_last_pkt_time":1484319036900382,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1484319036900382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","tls": {"version":"TLSv1.2","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}}}
-01456{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":356,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036983563,"flow_dst_last_pkt_time":1484319036982334,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1128,"flow_dst_tot_l4_payload_len":5359,"midstream":0,"thread_ts_usec":1484319036983563,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":142,"flow_avg":8888.8,"flow_max":40245,"flow_stddev":10825.2,"c_to_s_min":142,"c_to_s_avg":7450.0,"c_to_s_max":27231,"c_to_s_stddev":9262.8,"s_to_c_min":316,"s_to_c_avg":11635.5,"s_to_c_max":40245,"s_to_c_stddev":12868.7},"pktlen": {"c_to_s_min":66,"c_to_s_avg":120.3,"c_to_s_max":293,"c_to_s_stddev":56.6,"s_to_c_min":66,"s_to_c_avg":553.9,"s_to_c_max":1514,"s_to_c_stddev":607.8}},"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-01211{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":596,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":147,"flow_avg":486004.9,"flow_max":7507819,"flow_stddev":1799591.1,"c_to_s_min":147,"c_to_s_avg":453464.1,"c_to_s_max":7402221,"c_to_s_stddev":1737355.8,"s_to_c_min":911,"s_to_c_avg":522884.5,"s_to_c_max":7507819,"s_to_c_stddev":1866933.6},"pktlen": {"c_to_s_min":66,"c_to_s_avg":335.9,"c_to_s_max":1514,"c_to_s_stddev":480.2,"s_to_c_min":66,"s_to_c_avg":414.5,"s_to_c_max":1514,"s_to_c_stddev":560.1}}}
+01456{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":356,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036983563,"flow_dst_last_pkt_time":1484319036982334,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1128,"flow_dst_tot_l4_payload_len":5359,"midstream":0,"thread_ts_usec":1484319036983563,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":142,"flow_avg":8297.1,"flow_max":40245,"flow_stddev":10476.7,"c_to_s_min":142,"c_to_s_avg":6461.0,"c_to_s_max":26013,"c_to_s_stddev":8339.5,"s_to_c_min":316,"s_to_c_avg":11635.5,"s_to_c_max":40245,"s_to_c_stddev":12868.7},"pktlen": {"c_to_s_min":66,"c_to_s_avg":120.3,"c_to_s_max":293,"c_to_s_stddev":56.6,"s_to_c_min":66,"s_to_c_avg":553.9,"s_to_c_max":1514,"s_to_c_stddev":607.8}},"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+01211{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":596,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":147,"flow_avg":501615.3,"flow_max":7507819,"flow_stddev":1826252.6,"c_to_s_min":147,"c_to_s_avg":481675.4,"c_to_s_max":7402221,"c_to_s_stddev":1787043.8,"s_to_c_min":911,"s_to_c_avg":522884.5,"s_to_c_max":7507819,"s_to_c_stddev":1866933.6},"pktlen": {"c_to_s_min":66,"c_to_s_avg":335.9,"c_to_s_max":1514,"c_to_s_stddev":480.2,"s_to_c_min":66,"s_to_c_avg":414.5,"s_to_c_max":1514,"s_to_c_stddev":560.1}}}
01795{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1484319042988806,"pkt":"gCqoTGHM5JjWH70UCABFAABGkh4AAP8Rpi\/AqAEHwKgBAecsADUAMtLh8roBAAABAAAAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQAB"}
@@ -135,7 +135,7 @@
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319043688511,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043689999,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043689999,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"}
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043691581,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
-01351{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":694,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319044532732,"flow_dst_last_pkt_time":1484319044504314,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":33304,"midstream":0,"thread_ts_usec":1484319044532732,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":6882,"flow_avg":94850.8,"flow_max":1300093,"flow_stddev":226514.5,"c_to_s_min":6882,"c_to_s_avg":220560.9,"c_to_s_max":1300093,"c_to_s_stddev":441578.2,"s_to_c_min":13255,"s_to_c_avg":59652.0,"s_to_c_max":398536,"s_to_c_stddev":73579.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":106.7,"c_to_s_max":311,"c_to_s_stddev":84.0,"s_to_c_min":66,"s_to_c_avg":1398.5,"s_to_c_max":1514,"s_to_c_stddev":391.7}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01351{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":694,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319044532732,"flow_dst_last_pkt_time":1484319044504314,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":33304,"midstream":0,"thread_ts_usec":1484319044532732,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":6882,"flow_avg":97129.5,"flow_max":1300093,"flow_stddev":229777.6,"c_to_s_min":6882,"c_to_s_avg":253286.2,"c_to_s_max":1300093,"c_to_s_stddev":469034.3,"s_to_c_min":13255,"s_to_c_avg":59652.0,"s_to_c_max":398536,"s_to_c_stddev":73579.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":106.7,"c_to_s_max":311,"c_to_s_stddev":84.0,"s_to_c_min":66,"s_to_c_avg":1398.5,"s_to_c_max":1514,"s_to_c_stddev":391.7}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484319044993872,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048757894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1484319048757894,"pkt":"gCqoTGHM5JjWH70UCABFAABBS2MAAP8R7O\/AqAEHwKgBAeL2ADUALZ5c\/mQBAAABAAAAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAQ=="}
@@ -147,7 +147,7 @@
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1484319048780859,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319048824981,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1484319048826457,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319048826457,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"}
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048830359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com","http": {"url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}}
-01348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":839,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319049236027,"flow_dst_last_pkt_time":1484319049229808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":21687,"midstream":0,"thread_ts_usec":1484319049236027,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":193,"flow_avg":28971.3,"flow_max":187154,"flow_stddev":41670.2,"c_to_s_min":193,"c_to_s_avg":39844.4,"c_to_s_max":187154,"c_to_s_stddev":54684.6,"s_to_c_min":302,"s_to_c_avg":22447.4,"s_to_c_max":135055,"s_to_c_stddev":29504.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":285.7,"c_to_s_max":1514,"c_to_s_stddev":441.6,"s_to_c_min":66,"s_to_c_avg":1150.8,"s_to_c_max":1514,"s_to_c_stddev":575.5}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":839,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319049236027,"flow_dst_last_pkt_time":1484319049229808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":21687,"midstream":0,"thread_ts_usec":1484319049236027,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":193,"flow_avg":29165.1,"flow_max":187154,"flow_stddev":42322.7,"c_to_s_min":193,"c_to_s_avg":41378.9,"c_to_s_max":187154,"c_to_s_stddev":56868.4,"s_to_c_min":302,"s_to_c_avg":22447.4,"s_to_c_max":135055,"s_to_c_stddev":29504.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":285.7,"c_to_s_max":1514,"c_to_s_stddev":441.6,"s_to_c_min":66,"s_to_c_avg":1150.8,"s_to_c_max":1514,"s_to_c_stddev":575.5}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049465573,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319049465573,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049510947,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="}
@@ -160,7 +160,7 @@
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319049645637,"pkt":"gCqoTGHM5JjWH70UCABFAABCunsAAEARPNfAqAEHwKgBAcx7ADUALmwlX+cBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-01356{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":889,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319049640319,"flow_dst_last_pkt_time":1484319049653906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":23168,"midstream":0,"thread_ts_usec":1484319049653906,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":590,"flow_avg":415399.0,"flow_max":6030936,"flow_stddev":1214223.0,"c_to_s_min":11557,"c_to_s_avg":475108.1,"c_to_s_max":3643850,"c_to_s_stddev":968753.9,"s_to_c_min":590,"s_to_c_avg":368958.6,"s_to_c_max":6030936,"s_to_c_stddev":1373383.8},"pktlen": {"c_to_s_min":66,"c_to_s_avg":110.2,"c_to_s_max":312,"c_to_s_stddev":82.9,"s_to_c_min":66,"s_to_c_avg":1353.6,"s_to_c_max":1514,"s_to_c_stddev":453.8}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01356{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":889,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319049640319,"flow_dst_last_pkt_time":1484319049653906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":23168,"midstream":0,"thread_ts_usec":1484319049653906,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":590,"flow_avg":428029.7,"flow_max":6030936,"flow_stddev":1231580.9,"c_to_s_min":11557,"c_to_s_avg":509820.5,"c_to_s_max":3643850,"c_to_s_stddev":996898.1,"s_to_c_min":590,"s_to_c_avg":368958.6,"s_to_c_max":6030936,"s_to_c_stddev":1373383.8},"pktlen": {"c_to_s_min":66,"c_to_s_avg":110.2,"c_to_s_max":312,"c_to_s_stddev":82.9,"s_to_c_min":66,"s_to_c_avg":1353.6,"s_to_c_max":1514,"s_to_c_stddev":453.8}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1484319049665892,"pkt":"5JjWH70UgCqoTGHMCABFAABi4UdAAEAR1erAqAEBwKgBBwA1yhAATkFkBBqBgAABAAIAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAHADAABAAEAAAAMAAS4GcwYwAwAAQABAAAADAAEuBnMKA=="}
01012{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319049665892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a803.dscg.akamai.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}}}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049672494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049672494,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -183,20 +183,20 @@
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319050677236,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1484319050678757,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319050678757,"pkt":"gCqoTGHM5JjWH70UCABFAAA0kSxAAEAGxGHAqAEHF\/YLkc+rAFC8XkCuLrD03oAQEBUU+gAAAQEICh9k+6dFXBt4"}
01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319050682551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"23.246.11.145","http": {"url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-01479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1008,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319051912595,"flow_dst_last_pkt_time":1484319051940613,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":28027,"midstream":0,"thread_ts_usec":1484319051940613,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":3794,"flow_avg":102185.3,"flow_max":721657,"flow_stddev":187680.6,"c_to_s_min":3794,"c_to_s_avg":180162.3,"c_to_s_max":721657,"c_to_s_stddev":256570.5,"s_to_c_min":4828,"s_to_c_avg":61340.3,"s_to_c_max":582496,"s_to_c_stddev":119749.1},"pktlen": {"c_to_s_min":66,"c_to_s_avg":103.1,"c_to_s_max":422,"c_to_s_stddev":101.2,"s_to_c_min":74,"s_to_c_avg":1401.0,"s_to_c_max":1514,"s_to_c_stddev":357.0}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1008,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319051912595,"flow_dst_last_pkt_time":1484319051940613,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":28027,"midstream":0,"thread_ts_usec":1484319051940613,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":3794,"flow_avg":82202.4,"flow_max":651024,"flow_stddev":153564.6,"c_to_s_min":3794,"c_to_s_avg":126012.8,"c_to_s_max":651024,"c_to_s_stddev":200393.2,"s_to_c_min":4828,"s_to_c_avg":61340.3,"s_to_c_max":582496,"s_to_c_stddev":119749.1},"pktlen": {"c_to_s_min":66,"c_to_s_avg":103.1,"c_to_s_max":422,"c_to_s_stddev":101.2,"s_to_c_min":74,"s_to_c_avg":1401.0,"s_to_c_max":1514,"s_to_c_stddev":357.0}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052216458,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319052216458,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052216458,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319052216458,"pkt":"gCqoTGHM5JjWH70UCABFAABAN3hAAEAGHxDAqAEHF\/YKi8+sAFBgdy0VAAAAALAC\/\/\/UZQAAAgQFtAEDAwUBAQgKH2UBeQAAAAAEAgAA"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319052235250,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGW2wX9gqLwKgBBwBQz6xlmlqWYHctFqAS\/\/8JBgAAAgQFtAEDAwkEAggKQI7bkB9lAXk="}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1484319052237833,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319052237833,"pkt":"gCqoTGHM5JjWH70UCABFAAA0JFZAAEAGMj7AqAEHF\/YKi8+sAFBgdy0WZZpal4AQEBUnrAAAAQEICh9lAYxAjtuQ"}
01355{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319052242977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"23.246.10.139","http": {"url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-01477{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1073,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319053577715,"flow_dst_last_pkt_time":1484319053589492,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":25132,"midstream":0,"thread_ts_usec":1484319053589492,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":1043,"flow_avg":86190.2,"flow_max":638852,"flow_stddev":149925.8,"c_to_s_min":5144,"c_to_s_avg":106542.4,"c_to_s_max":638852,"c_to_s_stddev":175382.7,"s_to_c_min":1043,"s_to_c_avg":72264.9,"s_to_c_max":579987,"s_to_c_stddev":127805.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":101.1,"c_to_s_max":422,"c_to_s_stddev":93.2,"s_to_c_min":74,"s_to_c_avg":1389.2,"s_to_c_max":1514,"s_to_c_stddev":373.2}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01477{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1073,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319053577715,"flow_dst_last_pkt_time":1484319053589492,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":25132,"midstream":0,"thread_ts_usec":1484319053589492,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":1043,"flow_avg":88202.9,"flow_max":638852,"flow_stddev":151898.7,"c_to_s_min":5144,"c_to_s_avg":113438.1,"c_to_s_max":638852,"c_to_s_stddev":180843.0,"s_to_c_min":1043,"s_to_c_avg":72264.9,"s_to_c_max":579987,"s_to_c_stddev":127805.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":101.1,"c_to_s_max":422,"c_to_s_stddev":93.2,"s_to_c_min":74,"s_to_c_avg":1389.2,"s_to_c_max":1514,"s_to_c_stddev":373.2}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054101585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319054101585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054101585,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319054101585,"pkt":"gCqoTGHM5JjWH70UCABFAABA9bFAAEAGZ9XAqAEHF\/YDjM+zAFBtwXYMAAAAALAC\/\/99\/AAAAgQFtAEDAwUBAQgKH2UImQAAAAAEAgAA"}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319054132376,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz7OFwt93bcF2DaAS\/\/\/aJAAAAgQFtAEDAwkEAggKhKDK7B9lCJk="}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1484319054134077,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319054134077,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mQ1AAEAGxIXAqAEHF\/YDjM+zAFBtwXYNhcLfeIAQEBX4vQAAAQEICh9lCLmEoMrs"}
01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319054139605,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-01468{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1132,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054294236,"flow_dst_last_pkt_time":1484319054480080,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":29479,"midstream":0,"thread_ts_usec":1484319054480080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":2187,"flow_avg":18463.6,"flow_max":44333,"flow_stddev":9877.1,"c_to_s_min":5528,"c_to_s_avg":21233.9,"c_to_s_max":41107,"c_to_s_stddev":10535.4,"s_to_c_min":2187,"s_to_c_avg":17204.3,"s_to_c_max":44333,"s_to_c_stddev":9293.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":102.6,"c_to_s_max":420,"c_to_s_stddev":105.9,"s_to_c_min":74,"s_to_c_avg":1406.3,"s_to_c_max":1514,"s_to_c_stddev":349.1}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01485{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1140,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319054604684,"flow_dst_last_pkt_time":1484319054632485,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":17376,"midstream":0,"thread_ts_usec":1484319054632485,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":2986,"flow_avg":309665.1,"flow_max":4093620,"flow_stddev":800796.9,"c_to_s_min":2986,"c_to_s_avg":274960.7,"c_to_s_max":1864439,"c_to_s_stddev":546951.4,"s_to_c_min":24907,"s_to_c_avg":354285.1,"s_to_c_max":4093620,"s_to_c_stddev":1038077.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":94.2,"c_to_s_max":282,"c_to_s_stddev":46.9,"s_to_c_min":66,"s_to_c_avg":1307.7,"s_to_c_max":1514,"s_to_c_stddev":505.3}},"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01469{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1132,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054294236,"flow_dst_last_pkt_time":1484319054480080,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":29479,"midstream":0,"thread_ts_usec":1484319054480080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":2187,"flow_avg":18424.1,"flow_max":44333,"flow_stddev":10032.7,"c_to_s_min":5528,"c_to_s_avg":21405.7,"c_to_s_max":41107,"c_to_s_stddev":11092.0,"s_to_c_min":2187,"s_to_c_avg":17204.3,"s_to_c_max":44333,"s_to_c_stddev":9293.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":102.6,"c_to_s_max":420,"c_to_s_stddev":105.9,"s_to_c_min":74,"s_to_c_avg":1406.3,"s_to_c_max":1514,"s_to_c_stddev":349.1}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01485{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1140,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319054604684,"flow_dst_last_pkt_time":1484319054632485,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":17376,"midstream":0,"thread_ts_usec":1484319054632485,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":2986,"flow_avg":319102.6,"flow_max":4093620,"flow_stddev":811857.0,"c_to_s_min":2986,"c_to_s_avg":290128.8,"c_to_s_max":1864439,"c_to_s_stddev":559117.2,"s_to_c_min":24907,"s_to_c_avg":354285.1,"s_to_c_max":4093620,"s_to_c_stddev":1038077.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":94.2,"c_to_s_max":282,"c_to_s_stddev":46.9,"s_to_c_min":66,"s_to_c_avg":1307.7,"s_to_c_max":1514,"s_to_c_stddev":505.3}},"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056204111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056204111,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056204111,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056204111,"pkt":"gCqoTGHM5JjWH70UCABFAABAfy9AAEAG1l7AqAEHF\/YLhc+0AFDwxwoWAAAAALAC\/\/9XEAAAAgQFtAEDAwUBAQgKH2UQewAAAAAEAgAA"}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319056210218,"flow_dst_last_pkt_time":1484319056210218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056210218,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -252,18 +252,18 @@
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056327623,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056327623,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"}
01358{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056336202,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
01357{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056347066,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1458,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319059351882,"flow_dst_last_pkt_time":1484319059371795,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319059371795,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":394,"flow_avg":195637.2,"flow_max":2097549,"flow_stddev":398301.9,"c_to_s_min":473,"c_to_s_avg":149051.6,"c_to_s_max":1162295,"c_to_s_stddev":246828.4,"s_to_c_min":394,"s_to_c_avg":284573.3,"s_to_c_max":2097549,"s_to_c_stddev":577189.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":93.4,"c_to_s_max":426,"c_to_s_stddev":75.3,"s_to_c_min":74,"s_to_c_avg":1298.5,"s_to_c_max":1514,"s_to_c_stddev":469.8}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01477{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1536,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319060551613,"flow_dst_last_pkt_time":1484319060618267,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13563,"midstream":0,"thread_ts_usec":1484319060618267,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":135,"flow_avg":272401.7,"flow_max":1046959,"flow_stddev":299804.0,"c_to_s_min":135,"c_to_s_avg":216592.1,"c_to_s_max":635898,"c_to_s_stddev":202375.2,"s_to_c_min":857,"s_to_c_avg":365417.7,"s_to_c_max":1046959,"s_to_c_stddev":396968.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":88.4,"c_to_s_max":426,"c_to_s_stddev":77.8,"s_to_c_min":74,"s_to_c_avg":1196.9,"s_to_c_max":1514,"s_to_c_stddev":557.1}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1539,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319060594060,"flow_dst_last_pkt_time":1484319060664663,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319060664663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":569,"flow_avg":276025.4,"flow_max":1636184,"flow_stddev":359858.7,"c_to_s_min":569,"c_to_s_avg":219497.5,"c_to_s_max":1105315,"c_to_s_stddev":265050.7,"s_to_c_min":4002,"s_to_c_avg":370238.7,"s_to_c_max":1636184,"s_to_c_stddev":462645.0},"pktlen": {"c_to_s_min":66,"c_to_s_avg":91.1,"c_to_s_max":423,"c_to_s_stddev":76.5,"s_to_c_min":74,"s_to_c_avg":1316.5,"s_to_c_max":1514,"s_to_c_stddev":453.7}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01481{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1545,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319060695068,"flow_dst_last_pkt_time":1484319060746254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":20790,"midstream":0,"thread_ts_usec":1484319060746254,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":4949,"flow_avg":283451.7,"flow_max":1397235,"flow_stddev":312221.8,"c_to_s_min":18248,"c_to_s_avg":283401.1,"c_to_s_max":985618,"c_to_s_stddev":262182.5,"s_to_c_min":4949,"s_to_c_avg":283502.2,"s_to_c_max":1397235,"s_to_c_stddev":355281.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":94.6,"c_to_s_max":423,"c_to_s_stddev":85.4,"s_to_c_min":74,"s_to_c_avg":1365.9,"s_to_c_max":1514,"s_to_c_stddev":402.1}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1562,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319060916913,"flow_dst_last_pkt_time":1484319060915445,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319060916913,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":342,"flow_avg":291640.1,"flow_max":2716440,"flow_stddev":532785.5,"c_to_s_min":1429,"c_to_s_avg":222932.3,"c_to_s_max":1162512,"c_to_s_stddev":306721.5,"s_to_c_min":342,"s_to_c_avg":422809.5,"s_to_c_max":2716440,"s_to_c_stddev":787371.8},"pktlen": {"c_to_s_min":66,"c_to_s_avg":91.8,"c_to_s_max":424,"c_to_s_stddev":74.9,"s_to_c_min":74,"s_to_c_avg":1298.5,"s_to_c_max":1514,"s_to_c_stddev":469.8}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1566,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319060947278,"flow_dst_last_pkt_time":1484319060861747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":12102,"midstream":0,"thread_ts_usec":1484319060947278,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":137,"flow_avg":294814.1,"flow_max":3094333,"flow_stddev":549088.6,"c_to_s_min":5332,"c_to_s_avg":217574.0,"c_to_s_max":626011,"c_to_s_stddev":219495.7,"s_to_c_min":137,"s_to_c_avg":464742.4,"s_to_c_max":3094333,"s_to_c_stddev":903770.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":91.2,"c_to_s_max":424,"c_to_s_stddev":73.0,"s_to_c_min":74,"s_to_c_avg":1277.0,"s_to_c_max":1514,"s_to_c_stddev":487.5}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1585,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319061168059,"flow_dst_last_pkt_time":1484319060482194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":12101,"midstream":0,"thread_ts_usec":1484319061168059,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":266,"flow_avg":285959.5,"flow_max":2608516,"flow_stddev":522881.7,"c_to_s_min":498,"c_to_s_avg":224214.7,"c_to_s_max":1152400,"c_to_s_stddev":298377.0,"s_to_c_min":266,"s_to_c_avg":421797.9,"s_to_c_max":2608516,"s_to_c_stddev":807585.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":93.4,"c_to_s_max":425,"c_to_s_stddev":73.1,"s_to_c_min":74,"s_to_c_avg":1276.9,"s_to_c_max":1514,"s_to_c_stddev":487.7}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01475{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1592,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319061128980,"flow_dst_last_pkt_time":1484319061270358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061270358,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":79,"flow_avg":313580.5,"flow_max":3064500,"flow_stddev":569510.4,"c_to_s_min":671,"c_to_s_avg":236587.1,"c_to_s_max":811161,"c_to_s_stddev":257988.9,"s_to_c_min":79,"s_to_c_avg":460567.9,"s_to_c_max":3064500,"s_to_c_stddev":885185.1},"pktlen": {"c_to_s_min":66,"c_to_s_avg":95.4,"c_to_s_max":424,"c_to_s_stddev":74.3,"s_to_c_min":74,"s_to_c_avg":1298.5,"s_to_c_max":1514,"s_to_c_stddev":469.8}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01480{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1621,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319061706774,"flow_dst_last_pkt_time":1484319061794702,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061794702,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":240,"flow_avg":345253.2,"flow_max":3546297,"flow_stddev":674579.0,"c_to_s_min":240,"c_to_s_avg":261285.9,"c_to_s_max":1317695,"c_to_s_stddev":368411.8,"s_to_c_min":4927,"s_to_c_avg":505554.5,"s_to_c_max":3546297,"s_to_c_stddev":1012684.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":92.7,"c_to_s_max":423,"c_to_s_stddev":74.5,"s_to_c_min":74,"s_to_c_avg":1298.5,"s_to_c_max":1514,"s_to_c_stddev":469.8}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01477{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1694,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319062638948,"flow_dst_last_pkt_time":1484319062680623,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319062680623,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":72,"flow_avg":402196.5,"flow_max":4457097,"flow_stddev":801514.4,"c_to_s_min":828,"c_to_s_avg":321231.2,"c_to_s_max":1392951,"c_to_s_stddev":388412.9,"s_to_c_min":72,"s_to_c_avg":537138.6,"s_to_c_max":4457097,"s_to_c_stddev":1196895.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":93.5,"c_to_s_max":424,"c_to_s_stddev":76.5,"s_to_c_min":74,"s_to_c_avg":1316.5,"s_to_c_max":1514,"s_to_c_stddev":453.7}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1725,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319062946776,"flow_dst_last_pkt_time":1484319063015567,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":10653,"midstream":0,"thread_ts_usec":1484319063015567,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":682,"flow_avg":422178.6,"flow_max":4431980,"flow_stddev":805011.6,"c_to_s_min":682,"c_to_s_avg":292478.5,"c_to_s_max":1250769,"c_to_s_stddev":344147.5,"s_to_c_min":4898,"s_to_c_avg":753634.4,"s_to_c_max":4431980,"s_to_c_stddev":1359642.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":92.5,"c_to_s_max":424,"c_to_s_stddev":71.2,"s_to_c_min":74,"s_to_c_avg":1250.6,"s_to_c_max":1514,"s_to_c_stddev":507.3}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01218{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1851,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":136,"flow_avg":1897987.8,"flow_max":30086001,"flow_stddev":7271359.5,"c_to_s_min":261,"c_to_s_avg":1785720.0,"c_to_s_max":30033380,"c_to_s_stddev":7061953.0,"s_to_c_min":136,"s_to_c_avg":2025224.5,"s_to_c_max":30086001,"s_to_c_stddev":7499592.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":439.3,"c_to_s_max":1514,"c_to_s_stddev":588.4,"s_to_c_min":66,"s_to_c_avg":342.7,"s_to_c_max":1514,"s_to_c_stddev":514.1}}}
+01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1458,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319059351882,"flow_dst_last_pkt_time":1484319059371795,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319059371795,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":394,"flow_avg":201312.9,"flow_max":2097549,"flow_stddev":403399.4,"c_to_s_min":473,"c_to_s_avg":155519.7,"c_to_s_max":1162295,"c_to_s_stddev":251181.0,"s_to_c_min":394,"s_to_c_avg":284573.3,"s_to_c_max":2097549,"s_to_c_stddev":577189.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":93.4,"c_to_s_max":426,"c_to_s_stddev":75.3,"s_to_c_min":74,"s_to_c_avg":1298.5,"s_to_c_max":1514,"s_to_c_stddev":469.8}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01477{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1536,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319060551613,"flow_dst_last_pkt_time":1484319060618267,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13563,"midstream":0,"thread_ts_usec":1484319060618267,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":135,"flow_avg":280753.9,"flow_max":1046959,"flow_stddev":300914.6,"c_to_s_min":135,"c_to_s_avg":227282.0,"c_to_s_max":635898,"c_to_s_stddev":202053.9,"s_to_c_min":857,"s_to_c_avg":365417.7,"s_to_c_max":1046959,"s_to_c_stddev":396968.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":88.4,"c_to_s_max":426,"c_to_s_stddev":77.8,"s_to_c_min":74,"s_to_c_avg":1196.9,"s_to_c_max":1514,"s_to_c_stddev":557.1}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1539,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319060594060,"flow_dst_last_pkt_time":1484319060664663,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319060664663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":569,"flow_avg":284358.9,"flow_max":1636184,"flow_stddev":362564.9,"c_to_s_min":569,"c_to_s_avg":230119.0,"c_to_s_max":1105315,"c_to_s_stddev":267755.4,"s_to_c_min":4002,"s_to_c_avg":370238.7,"s_to_c_max":1636184,"s_to_c_stddev":462645.0},"pktlen": {"c_to_s_min":66,"c_to_s_avg":91.1,"c_to_s_max":423,"c_to_s_stddev":76.5,"s_to_c_min":74,"s_to_c_avg":1316.5,"s_to_c_max":1514,"s_to_c_stddev":453.7}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01481{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1545,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319060695068,"flow_dst_last_pkt_time":1484319060746254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":20790,"midstream":0,"thread_ts_usec":1484319060746254,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":4949,"flow_avg":290996.3,"flow_max":1397235,"flow_stddev":314333.5,"c_to_s_min":18248,"c_to_s_avg":298990.0,"c_to_s_max":985618,"c_to_s_stddev":263503.4,"s_to_c_min":4949,"s_to_c_avg":283502.2,"s_to_c_max":1397235,"s_to_c_stddev":355281.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":94.6,"c_to_s_max":423,"c_to_s_stddev":85.4,"s_to_c_min":74,"s_to_c_avg":1365.9,"s_to_c_max":1514,"s_to_c_stddev":402.1}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1562,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319060916913,"flow_dst_last_pkt_time":1484319060915445,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319060916913,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":342,"flow_avg":300105.7,"flow_max":2716440,"flow_stddev":539188.2,"c_to_s_min":1429,"c_to_s_avg":232618.6,"c_to_s_max":1162512,"c_to_s_stddev":311145.7,"s_to_c_min":342,"s_to_c_avg":422809.5,"s_to_c_max":2716440,"s_to_c_stddev":787371.8},"pktlen": {"c_to_s_min":66,"c_to_s_avg":91.8,"c_to_s_max":424,"c_to_s_stddev":74.9,"s_to_c_min":74,"s_to_c_avg":1298.5,"s_to_c_max":1514,"s_to_c_stddev":469.8}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1566,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319060947278,"flow_dst_last_pkt_time":1484319060861747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":12102,"midstream":0,"thread_ts_usec":1484319060947278,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":137,"flow_avg":302592.9,"flow_max":3094333,"flow_stddev":556136.4,"c_to_s_min":5332,"c_to_s_avg":225378.8,"c_to_s_max":626011,"c_to_s_stddev":221658.3,"s_to_c_min":137,"s_to_c_avg":464742.4,"s_to_c_max":3094333,"s_to_c_stddev":903770.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":91.2,"c_to_s_max":424,"c_to_s_stddev":73.0,"s_to_c_min":74,"s_to_c_avg":1277.0,"s_to_c_max":1514,"s_to_c_stddev":487.5}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1585,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319061168059,"flow_dst_last_pkt_time":1484319060482194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":12101,"midstream":0,"thread_ts_usec":1484319061168059,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":266,"flow_avg":294252.3,"flow_max":2608516,"flow_stddev":529173.0,"c_to_s_min":498,"c_to_s_avg":233516.4,"c_to_s_max":1152400,"c_to_s_stddev":302266.2,"s_to_c_min":266,"s_to_c_avg":421797.9,"s_to_c_max":2608516,"s_to_c_stddev":807585.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":93.4,"c_to_s_max":425,"c_to_s_stddev":73.1,"s_to_c_min":74,"s_to_c_avg":1276.9,"s_to_c_max":1514,"s_to_c_stddev":487.7}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01475{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1592,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319061128980,"flow_dst_last_pkt_time":1484319061270358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061270358,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":79,"flow_avg":322294.1,"flow_max":3064500,"flow_stddev":576519.8,"c_to_s_min":671,"c_to_s_avg":246243.5,"c_to_s_max":811161,"c_to_s_stddev":260630.1,"s_to_c_min":79,"s_to_c_avg":460567.9,"s_to_c_max":3064500,"s_to_c_stddev":885185.1},"pktlen": {"c_to_s_min":66,"c_to_s_avg":95.4,"c_to_s_max":424,"c_to_s_stddev":74.3,"s_to_c_min":74,"s_to_c_avg":1298.5,"s_to_c_max":1514,"s_to_c_stddev":469.8}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01480{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1621,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319061706774,"flow_dst_last_pkt_time":1484319061794702,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061794702,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":240,"flow_avg":355944.2,"flow_max":3546297,"flow_stddev":682699.4,"c_to_s_min":240,"c_to_s_avg":273658.6,"c_to_s_max":1317695,"c_to_s_stddev":373227.6,"s_to_c_min":4927,"s_to_c_avg":505554.5,"s_to_c_max":3546297,"s_to_c_stddev":1012684.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":92.7,"c_to_s_max":423,"c_to_s_stddev":74.5,"s_to_c_min":74,"s_to_c_avg":1298.5,"s_to_c_max":1514,"s_to_c_stddev":469.8}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01477{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1694,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319062638948,"flow_dst_last_pkt_time":1484319062680623,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319062680623,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":72,"flow_avg":414504.9,"flow_max":4457097,"flow_stddev":811357.3,"c_to_s_min":828,"c_to_s_avg":337052.0,"c_to_s_max":1392951,"c_to_s_stddev":392172.0,"s_to_c_min":72,"s_to_c_avg":537138.6,"s_to_c_max":4457097,"s_to_c_stddev":1196895.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":93.5,"c_to_s_max":424,"c_to_s_stddev":76.5,"s_to_c_min":74,"s_to_c_avg":1316.5,"s_to_c_max":1514,"s_to_c_stddev":453.7}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1725,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319062946776,"flow_dst_last_pkt_time":1484319063015567,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":10653,"midstream":0,"thread_ts_usec":1484319063015567,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":682,"flow_avg":435375.1,"flow_max":4431980,"flow_stddev":814478.7,"c_to_s_min":682,"c_to_s_avg":305178.1,"c_to_s_max":1250769,"c_to_s_stddev":346571.1,"s_to_c_min":4898,"s_to_c_avg":753634.4,"s_to_c_max":4431980,"s_to_c_stddev":1359642.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":92.5,"c_to_s_max":424,"c_to_s_stddev":71.2,"s_to_c_min":74,"s_to_c_avg":1250.6,"s_to_c_max":1514,"s_to_c_stddev":507.3}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01218{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1851,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":136,"flow_avg":1958267.8,"flow_max":30086001,"flow_stddev":7379834.5,"c_to_s_min":261,"c_to_s_avg":1895495.8,"c_to_s_max":30033380,"c_to_s_stddev":7265209.0,"s_to_c_min":136,"s_to_c_avg":2025224.5,"s_to_c_max":30086001,"s_to_c_stddev":7499592.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":439.3,"c_to_s_max":1514,"c_to_s_stddev":588.4,"s_to_c_min":66,"s_to_c_avg":342.7,"s_to_c_max":1514,"s_to_c_stddev":514.1}}}
01703{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1851,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064590230,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064590230,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"}
@@ -286,7 +286,7 @@
01020{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319064699948,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.geo.netflix.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}}}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064711690,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064711690,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"}
-01209{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1936,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":74,"flow_avg":972522.2,"flow_max":30431499,"flow_stddev":5291051.5,"c_to_s_min":146,"c_to_s_avg":1710323.4,"c_to_s_max":30431499,"c_to_s_stddev":6965955.0,"s_to_c_min":74,"s_to_c_avg":23920.8,"s_to_c_max":72134,"s_to_c_stddev":26076.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":417.7,"c_to_s_max":1514,"c_to_s_stddev":578.3,"s_to_c_min":66,"s_to_c_avg":362.3,"s_to_c_max":1514,"s_to_c_stddev":526.7}}}
+01210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1936,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":74,"flow_avg":1003326.9,"flow_max":30431499,"flow_stddev":5372888.5,"c_to_s_min":146,"c_to_s_avg":1809896.8,"c_to_s_max":30431499,"c_to_s_stddev":7155449.0,"s_to_c_min":74,"s_to_c_avg":23920.8,"s_to_c_max":72134,"s_to_c_stddev":26076.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":417.7,"c_to_s_max":1514,"c_to_s_stddev":578.3,"s_to_c_min":66,"s_to_c_avg":362.3,"s_to_c_max":1514,"s_to_c_stddev":526.7}}}
01704{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1936,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722112,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722814,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="}
@@ -303,26 +303,26 @@
01150{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064885811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064885811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
01673{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064898548,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064898548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
01699{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
-01201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2040,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319065388464,"flow_dst_last_pkt_time":1484319065423935,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23355,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319065423935,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":105,"flow_avg":47590.4,"flow_max":266118,"flow_stddev":56471.3,"c_to_s_min":105,"c_to_s_avg":33409.3,"c_to_s_max":146597,"c_to_s_stddev":42939.0,"s_to_c_min":451,"s_to_c_avg":83831.1,"s_to_c_max":266118,"s_to_c_stddev":69278.7},"pktlen": {"c_to_s_min":66,"c_to_s_avg":1082.0,"c_to_s_max":1514,"c_to_s_stddev":624.8,"s_to_c_min":66,"s_to_c_avg":361.7,"s_to_c_max":1514,"s_to_c_stddev":525.2}}}
+01201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2040,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319065388464,"flow_dst_last_pkt_time":1484319065423935,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23355,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319065423935,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":105,"flow_avg":47531.9,"flow_max":266118,"flow_stddev":57373.9,"c_to_s_min":105,"c_to_s_avg":32682.2,"c_to_s_max":146597,"c_to_s_stddev":43765.3,"s_to_c_min":451,"s_to_c_avg":83831.1,"s_to_c_max":266118,"s_to_c_stddev":69278.7},"pktlen": {"c_to_s_min":66,"c_to_s_avg":1082.0,"c_to_s_max":1514,"c_to_s_stddev":624.8,"s_to_c_min":66,"s_to_c_avg":361.7,"s_to_c_max":1514,"s_to_c_stddev":525.2}}}
01677{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2040,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319065388464,"flow_dst_last_pkt_time":1484319065423935,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23355,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319065423935,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
-01202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2062,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":182,"flow_avg":52481.1,"flow_max":282465,"flow_stddev":57252.5,"c_to_s_min":182,"c_to_s_avg":45893.9,"c_to_s_max":282465,"c_to_s_stddev":69475.4,"s_to_c_min":10583,"s_to_c_avg":62108.5,"s_to_c_max":127478,"s_to_c_stddev":29289.0},"pktlen": {"c_to_s_min":66,"c_to_s_avg":552.9,"c_to_s_max":1514,"c_to_s_stddev":622.3,"s_to_c_min":66,"s_to_c_avg":586.2,"s_to_c_max":1514,"s_to_c_stddev":640.0}}}
+01202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2062,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":182,"flow_avg":52521.9,"flow_max":282465,"flow_stddev":58168.2,"c_to_s_min":182,"c_to_s_avg":45598.2,"c_to_s_max":282465,"c_to_s_stddev":71367.6,"s_to_c_min":10583,"s_to_c_avg":62108.5,"s_to_c_max":127478,"s_to_c_stddev":29289.0},"pktlen": {"c_to_s_min":66,"c_to_s_avg":552.9,"c_to_s_max":1514,"c_to_s_stddev":622.3,"s_to_c_min":66,"s_to_c_avg":586.2,"s_to_c_max":1514,"s_to_c_stddev":640.0}}}
01677{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2062,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
-01201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2094,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":105,"flow_avg":57846.0,"flow_max":332646,"flow_stddev":82496.8,"c_to_s_min":105,"c_to_s_avg":42365.6,"c_to_s_max":332646,"c_to_s_stddev":76711.5,"s_to_c_min":534,"s_to_c_avg":91903.0,"s_to_c_max":331939,"s_to_c_stddev":84528.0},"pktlen": {"c_to_s_min":66,"c_to_s_avg":933.9,"c_to_s_max":1514,"c_to_s_stddev":690.0,"s_to_c_min":66,"s_to_c_avg":377.8,"s_to_c_max":1514,"s_to_c_stddev":570.1}}}
+01201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2094,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":105,"flow_avg":59431.0,"flow_max":332646,"flow_stddev":83335.9,"c_to_s_min":105,"c_to_s_avg":43968.1,"c_to_s_max":332646,"c_to_s_stddev":78156.1,"s_to_c_min":534,"s_to_c_avg":91903.0,"s_to_c_max":331939,"s_to_c_stddev":84528.0},"pktlen": {"c_to_s_min":66,"c_to_s_avg":933.9,"c_to_s_max":1514,"c_to_s_stddev":690.0,"s_to_c_min":66,"s_to_c_avg":377.8,"s_to_c_max":1514,"s_to_c_stddev":570.1}}}
01704{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2094,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
-01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2131,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319066015206,"flow_dst_last_pkt_time":1484319066064571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":19133,"midstream":0,"thread_ts_usec":1484319066064571,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":2593,"flow_avg":91252.1,"flow_max":471964,"flow_stddev":117978.0,"c_to_s_min":2593,"c_to_s_avg":90592.2,"c_to_s_max":471964,"c_to_s_stddev":130570.6,"s_to_c_min":5363,"s_to_c_avg":91911.9,"s_to_c_max":417442,"s_to_c_stddev":103865.7},"pktlen": {"c_to_s_min":66,"c_to_s_avg":135.2,"c_to_s_max":581,"c_to_s_stddev":167.6,"s_to_c_min":74,"s_to_c_avg":1262.3,"s_to_c_max":1514,"s_to_c_stddev":453.6}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01477{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2195,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319065741809,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17969,"midstream":0,"thread_ts_usec":1484319066598421,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":5292,"flow_avg":99926.4,"flow_max":730898,"flow_stddev":153617.1,"c_to_s_min":6142,"c_to_s_avg":120356.8,"c_to_s_max":730898,"c_to_s_stddev":195586.2,"s_to_c_min":5292,"s_to_c_avg":76771.9,"s_to_c_max":279545,"s_to_c_stddev":77325.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":131.0,"c_to_s_max":578,"c_to_s_stddev":162.1,"s_to_c_min":74,"s_to_c_avg":1264.5,"s_to_c_max":1514,"s_to_c_stddev":445.7}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2131,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319066015206,"flow_dst_last_pkt_time":1484319066064571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":19133,"midstream":0,"thread_ts_usec":1484319066064571,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":2593,"flow_avg":93284.4,"flow_max":471964,"flow_stddev":119313.2,"c_to_s_min":2593,"c_to_s_avg":94748.4,"c_to_s_max":471964,"c_to_s_stddev":133824.0,"s_to_c_min":5363,"s_to_c_avg":91911.9,"s_to_c_max":417442,"s_to_c_stddev":103865.7},"pktlen": {"c_to_s_min":66,"c_to_s_avg":135.2,"c_to_s_max":581,"c_to_s_stddev":167.6,"s_to_c_min":74,"s_to_c_avg":1262.3,"s_to_c_max":1514,"s_to_c_stddev":453.6}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2195,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319065741809,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17969,"midstream":0,"thread_ts_usec":1484319066598421,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":5292,"flow_avg":101928.1,"flow_max":730898,"flow_stddev":155663.8,"c_to_s_min":6142,"c_to_s_avg":125511.9,"c_to_s_max":730898,"c_to_s_stddev":200482.0,"s_to_c_min":5292,"s_to_c_avg":76771.9,"s_to_c_max":279545,"s_to_c_stddev":77325.2},"pktlen": {"c_to_s_min":66,"c_to_s_avg":131.0,"c_to_s_max":578,"c_to_s_stddev":162.1,"s_to_c_min":74,"s_to_c_avg":1264.5,"s_to_c_max":1514,"s_to_c_stddev":445.7}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070636683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319070636683,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319070655089,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2499,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1484319070656558,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319070656558,"pkt":"gCqoTGHM5JjWH70UCABFAAA0S\/NAAEAGCafAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AQEBXd4QAAAQEICh9lRhWBi1be"}
01383{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070660268,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
-01480{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2608,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319072360005,"flow_dst_last_pkt_time":1484319072357645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":21986,"midstream":0,"thread_ts_usec":1484319072360005,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":3710,"flow_avg":111274.4,"flow_max":530041,"flow_stddev":157680.2,"c_to_s_min":3710,"c_to_s_avg":131415.7,"c_to_s_max":526591,"c_to_s_stddev":174129.7,"s_to_c_min":5405,"s_to_c_avg":95609.0,"s_to_c_max":530041,"s_to_c_stddev":141622.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":142.9,"c_to_s_max":581,"c_to_s_stddev":177.8,"s_to_c_min":74,"s_to_c_avg":1287.9,"s_to_c_max":1514,"s_to_c_stddev":438.4}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01480{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2608,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319072360005,"flow_dst_last_pkt_time":1484319072357645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":21986,"midstream":0,"thread_ts_usec":1484319072360005,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":3710,"flow_avg":111105.9,"flow_max":530041,"flow_stddev":160200.4,"c_to_s_min":3710,"c_to_s_avg":132563.2,"c_to_s_max":526591,"c_to_s_stddev":180651.9,"s_to_c_min":5405,"s_to_c_avg":95609.0,"s_to_c_max":530041,"s_to_c_stddev":141622.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":142.9,"c_to_s_max":581,"c_to_s_stddev":177.8,"s_to_c_min":74,"s_to_c_avg":1287.9,"s_to_c_max":1514,"s_to_c_stddev":438.4}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091296070,"flow_dst_last_pkt_time":1484319091296070,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319091296070,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1484319091296070,"flow_dst_last_pkt_time":1484319091296070,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319091296070,"pkt":"gCqoTGHM5JjWH70UCABFAABAakNAAEAG60LAqAEHF\/YLjc\/hAFDAgDYQAAAAALAC\/\/\/YUQAAAgQFtAEDAwUBAQgKH2WTUQAAAAAEAgAA"}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4216,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1484319091296070,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319091309083,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz+FsswOfwIA2EaAS\/\/85DQAAAgQFtAEDAwkEAggK\/T5Cox9lk1E="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4217,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1484319091310850,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319091310850,"pkt":"gCqoTGHM5JjWH70UCABFAAA00UpAAEAGhEfAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAQEBVXuAAAAQEICh9lk1\/9PkKj"}
01383{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319091314892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
-01471{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4263,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091784359,"flow_dst_last_pkt_time":1484319091750098,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":23476,"midstream":0,"thread_ts_usec":1484319091784359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":186,"flow_avg":31547.1,"flow_max":286066,"flow_stddev":49539.5,"c_to_s_min":186,"c_to_s_avg":42729.2,"c_to_s_max":286066,"c_to_s_stddev":72751.9,"s_to_c_min":839,"s_to_c_avg":23896.2,"s_to_c_max":71007,"s_to_c_stddev":19178.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":147.5,"c_to_s_max":584,"c_to_s_stddev":184.3,"s_to_c_min":74,"s_to_c_avg":1302.0,"s_to_c_max":1514,"s_to_c_stddev":426.3}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01471{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4263,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091784359,"flow_dst_last_pkt_time":1484319091750098,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":23476,"midstream":0,"thread_ts_usec":1484319091784359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":186,"flow_avg":30397.3,"flow_max":286066,"flow_stddev":49910.1,"c_to_s_min":186,"c_to_s_avg":40690.8,"c_to_s_max":286066,"c_to_s_stddev":75365.0,"s_to_c_min":839,"s_to_c_avg":23896.2,"s_to_c_max":71007,"s_to_c_stddev":19178.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":147.5,"c_to_s_max":584,"c_to_s_stddev":184.3,"s_to_c_min":74,"s_to_c_avg":1302.0,"s_to_c_max":1514,"s_to_c_stddev":426.3}},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365279,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114365279,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1484319114365279,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319114365279,"pkt":"gCqoTGHM5JjWH70UCABFAABCZ6UAAEARj63AqAEHwKgBAcmmADUALqajKFkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="}
01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365279,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114365279,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -368,7 +368,7 @@
01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117892631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117930548,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117930548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117942410,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117942410,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-01479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6875,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118140455,"flow_dst_last_pkt_time":1484319118145946,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2205,"flow_dst_tot_l4_payload_len":9578,"midstream":0,"thread_ts_usec":1484319118145946,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":140,"flow_avg":22182.4,"flow_max":141407,"flow_stddev":30165.2,"c_to_s_min":402,"c_to_s_avg":24423.6,"c_to_s_max":141407,"c_to_s_stddev":37214.2,"s_to_c_min":140,"s_to_c_avg":19941.2,"s_to_c_max":58570,"s_to_c_stddev":20613.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":204.6,"c_to_s_max":1514,"c_to_s_stddev":360.8,"s_to_c_min":66,"s_to_c_avg":665.1,"s_to_c_max":1514,"s_to_c_stddev":526.0}},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+01479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6875,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118140455,"flow_dst_last_pkt_time":1484319118145946,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2205,"flow_dst_tot_l4_payload_len":9578,"midstream":0,"thread_ts_usec":1484319118145946,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":140,"flow_avg":20407.3,"flow_max":141407,"flow_stddev":28956.2,"c_to_s_min":402,"c_to_s_avg":20904.5,"c_to_s_max":141407,"c_to_s_stddev":35764.3,"s_to_c_min":140,"s_to_c_avg":19941.2,"s_to_c_max":58570,"s_to_c_stddev":20613.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":204.6,"c_to_s_max":1514,"c_to_s_stddev":360.8,"s_to_c_min":66,"s_to_c_avg":665.1,"s_to_c_max":1514,"s_to_c_stddev":526.0}},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1484319118629811,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"}
00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a1907.dscg.akamai.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -384,10 +384,10 @@
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1484319118675789,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118675789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"}
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118676250,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118687774,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
-01210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":95,"flow_avg":1660988.9,"flow_max":51181934,"flow_stddev":8895028.0,"c_to_s_min":95,"c_to_s_avg":3058241.8,"c_to_s_max":51181934,"c_to_s_stddev":12031367.0,"s_to_c_min":301,"s_to_c_avg":77435.6,"s_to_c_max":500942,"s_to_c_stddev":134218.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":354.7,"c_to_s_max":1514,"c_to_s_stddev":483.8,"s_to_c_min":66,"s_to_c_avg":572.5,"s_to_c_max":1514,"s_to_c_stddev":600.3}}}
+01199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":95,"flow_avg":63539.0,"flow_max":500942,"flow_stddev":121518.7,"c_to_s_min":95,"c_to_s_avg":50510.9,"c_to_s_max":437212,"c_to_s_stddev":106636.0,"s_to_c_min":301,"s_to_c_avg":77435.6,"s_to_c_max":500942,"s_to_c_stddev":134218.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":354.7,"c_to_s_max":1514,"c_to_s_stddev":483.8,"s_to_c_min":66,"s_to_c_avg":572.5,"s_to_c_max":1514,"s_to_c_stddev":600.3}}}
01731{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
-01342{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6965,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118854817,"flow_dst_last_pkt_time":1484319119584735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":34752,"midstream":0,"thread_ts_usec":1484319119584735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":508,"flow_avg":35868.0,"flow_max":99830,"flow_stddev":21315.9,"c_to_s_min":11985,"c_to_s_avg":36848.2,"c_to_s_max":99830,"c_to_s_stddev":29474.0,"s_to_c_min":508,"s_to_c_avg":35641.8,"s_to_c_max":81106,"s_to_c_stddev":18933.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":110.8,"c_to_s_max":311,"c_to_s_stddev":89.7,"s_to_c_min":66,"s_to_c_avg":1402.9,"s_to_c_max":1514,"s_to_c_stddev":384.8}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01353{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6990,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120611345,"flow_dst_last_pkt_time":1484319120609765,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":22387,"midstream":0,"thread_ts_usec":1484319120611345,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":241,"flow_avg":122810.9,"flow_max":1416280,"flow_stddev":335892.5,"c_to_s_min":241,"c_to_s_avg":141258.4,"c_to_s_max":1389753,"c_to_s_stddev":352834.7,"s_to_c_min":268,"s_to_c_avg":108462.9,"s_to_c_max":1416280,"s_to_c_stddev":321368.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":101.9,"c_to_s_max":311,"c_to_s_stddev":85.4,"s_to_c_min":66,"s_to_c_avg":1310.2,"s_to_c_max":1514,"s_to_c_stddev":473.3}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01342{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6965,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118854817,"flow_dst_last_pkt_time":1484319119584735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":34752,"midstream":0,"thread_ts_usec":1484319119584735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":508,"flow_avg":36240.5,"flow_max":99830,"flow_stddev":21554.2,"c_to_s_min":11985,"c_to_s_avg":39353.6,"c_to_s_max":99830,"c_to_s_stddev":31698.6,"s_to_c_min":508,"s_to_c_avg":35641.8,"s_to_c_max":81106,"s_to_c_stddev":18933.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":110.8,"c_to_s_max":311,"c_to_s_stddev":89.7,"s_to_c_min":66,"s_to_c_avg":1402.9,"s_to_c_max":1514,"s_to_c_stddev":384.8}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01353{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6990,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120611345,"flow_dst_last_pkt_time":1484319120609765,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":22387,"midstream":0,"thread_ts_usec":1484319120611345,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":241,"flow_avg":126007.9,"flow_max":1416280,"flow_stddev":340787.6,"c_to_s_min":241,"c_to_s_avg":150300.9,"c_to_s_max":1389753,"c_to_s_stddev":364587.3,"s_to_c_min":268,"s_to_c_avg":108462.9,"s_to_c_max":1416280,"s_to_c_stddev":321368.4},"pktlen": {"c_to_s_min":66,"c_to_s_avg":101.9,"c_to_s_max":311,"c_to_s_stddev":85.4,"s_to_c_min":66,"s_to_c_avg":1310.2,"s_to_c_max":1514,"s_to_c_stddev":473.3}},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
01036{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":147,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319110605814,"flow_dst_last_pkt_time":1484319110632202,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1427,"flow_dst_tot_l4_payload_len":193037,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
00865{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00899{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118652959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
Powered by cgit, Themed by Ted Yin.