diff options
Diffstat (limited to 'test/results/stun_signal.pcapng.out')
| -rw-r--r-- | test/results/stun_signal.pcapng.out | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/test/results/stun_signal.pcapng.out b/test/results/stun_signal.pcapng.out index 32a0b575b..11149d612 100644 --- a/test/results/stun_signal.pcapng.out +++ b/test/results/stun_signal.pcapng.out @@ -21,25 +21,25 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936120747,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVJAAEAR9MvAqAypI563p5peDZYAJPVxAAMACCESpEI3Q1lCTmVMaEVzcmUAGQAEEQAAAA=="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135326,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135836,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} -00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","stun": {"num_udp_pkts":3,"num_binding_requests":1,"num_processed_pkts":2}}} +00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","stun": {"num_pkts":3,"num_binding_requests":1,"num_processed_pkts":2}}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936144242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} -00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} +00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936150779,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150779,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292139,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} -01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":0,"num_binding_requests":1,"num_processed_pkts":0}}} +01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":1,"num_processed_pkts":0}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292790,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936316455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936320168,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} -01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} +01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936411307,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80K0AACYRz7Ws\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936415304,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TlEAACURUxKs\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} -01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936889693,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936889693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_udp_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} +01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936889693,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936889693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956886692,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} -00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00968{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956899977,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} -01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_udp_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956900169,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956903176,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP61AAOARsjgjnrenwKgMqQ2WqDwAXIeiAQEAQCESpEJ3MXhZWGxMSlFtK2QAIAAIAAEPlHw9RVEAAQAIAAEuhl0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAARTHy4\/"} @@ -47,10 +47,10 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956921410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevJAAEARy\/zAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956929987,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} -01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_udp_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956930390,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} -00973{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00969{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956946587,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956960274,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956962305,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} @@ -66,17 +66,17 @@ 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958294242,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378136,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958378136,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958378173,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} -01110{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1636901958378173,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_udp_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} +01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1636901958378173,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} 01497{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901960601813,"flow_dst_last_pkt_time":1636901960620966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1636901960620966,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":25,"flow_avg":149493.4,"flow_max":679364,"flow_stddev":200828.1,"c_to_s_min":125,"c_to_s_avg":153838.1,"c_to_s_max":600796,"c_to_s_stddev":181344.5,"s_to_c_min":25,"s_to_c_avg":145420.2,"s_to_c_max":679364,"s_to_c_stddev":217435.8},"pktlen": {"c_to_s_min":70,"c_to_s_avg":106.5,"c_to_s_max":146,"c_to_s_stddev":27.0,"s_to_c_min":70,"s_to_c_avg":105.2,"s_to_c_max":138,"s_to_c_stddev":22.7}},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -01110{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901967279945,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901967279945,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_udp_pkts":2,"num_binding_requests":2,"num_processed_pkts":2}}} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901967553880,"flow_dst_last_pkt_time":1636901967684533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967684533,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} +01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901967279945,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901967279945,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_pkts":2,"num_binding_requests":2,"num_processed_pkts":2}}} +01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901967553880,"flow_dst_last_pkt_time":1636901967684533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967684533,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} 01324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":15,"flow_avg":1596705.0,"flow_max":17079364,"flow_stddev":3547473.5,"c_to_s_min":15,"c_to_s_avg":1539855.8,"c_to_s_max":17079364,"c_to_s_stddev":3605297.8,"s_to_c_min":76,"s_to_c_avg":2421021.0,"s_to_c_max":4841966,"s_to_c_stddev":2420945.0},"pktlen": {"c_to_s_min":90,"c_to_s_avg":92.7,"c_to_s_max":98,"c_to_s_stddev":3.8,"s_to_c_min":138,"s_to_c_avg":138.0,"s_to_c_max":138,"s_to_c_stddev":0.0}},"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998588925,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} -01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01110{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998589226,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} -01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01110{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637116,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -94,24 +94,24 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654665,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654665,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998657287,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998657287,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998660620,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} -00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","stun": {"num_udp_pkts":2,"num_binding_requests":1,"num_processed_pkts":1}}} +00982{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","stun": {"num_pkts":2,"num_binding_requests":1,"num_processed_pkts":1}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660636,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} -00976{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901998660636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} +00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901998660636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998663215,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865349,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885173,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} -01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998885173,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} +01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998885173,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885598,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885598,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967333,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uXcAACUR6Gus\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967382,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OUIAACYRZyGs\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} -01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901999417923,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901999417923,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_udp_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} +01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901999417923,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901999417923,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000024715,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} -01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000073738,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} -01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000102078,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000102078,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000107063,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000142220,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000142220,"pkt":"mt9Y+uvcCL6sCxduCABFAABcw7ZAAAYRTTcSw4OPwKgMqfA6upcASKsWAQEALCESpEI3OHB2NXh3VHhSY2IAIAAIAAEPjnw9RVEACAAUJEyhW79\/NO7EtgfmN47ncd2\/SCyAKAAE6dNIHg=="} @@ -119,18 +119,18 @@ 01497{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":43,"flow_avg":152743.5,"flow_max":665020,"flow_stddev":189167.3,"c_to_s_min":306,"c_to_s_avg":157886.1,"c_to_s_max":665020,"c_to_s_stddev":185764.6,"s_to_c_min":43,"s_to_c_avg":147922.2,"s_to_c_max":630540,"s_to_c_stddev":192177.6},"pktlen": {"c_to_s_min":70,"c_to_s_avg":108.8,"c_to_s_max":146,"c_to_s_stddev":25.3,"s_to_c_min":70,"s_to_c_avg":107.8,"s_to_c_max":138,"s_to_c_stddev":23.9}},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01062{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01062{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00992{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_udp_pkts":2,"num_binding_requests":2,"num_processed_pkts":2}}} +00988{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":2,"num_binding_requests":2,"num_processed_pkts":2}}} 00771{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","proto_id":"78.265","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} @@ -150,9 +150,9 @@ ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6096772 bytes -~~ total memory freed........: 6096772 bytes -~~ total allocations/frees...: 122122/122122 +~~ total memory allocated....: 6100893 bytes +~~ total memory freed........: 6100893 bytes +~~ total allocations/frees...: 122175/122175 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 484 chars ~~ json string max len.......: 1502 chars |