diff options
Diffstat (limited to 'test/results/stun_signal.pcapng.out')
| -rw-r--r-- | test/results/stun_signal.pcapng.out | 314 |
1 files changed, 179 insertions, 135 deletions
diff --git a/test/results/stun_signal.pcapng.out b/test/results/stun_signal.pcapng.out index 9bb7e2ab4..efe5789e6 100644 --- a/test/results/stun_signal.pcapng.out +++ b/test/results/stun_signal.pcapng.out @@ -1,162 +1,206 @@ -00493{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"stun_signal.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00493{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"stun_signal.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"stun_signal.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} -00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040353,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVpAAEAR0ZTAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} -00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040699,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVtAAEAR0ZPAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} -00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936065479,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU1AAEAR9NjAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} -00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070153,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU5AAEAR9NfAqAypI563p7hkDZYAHPweAAEAACESpEJjaDExN25ZQXk2MTA="} -00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070262,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU9AAEAR9NbAqAypI563p5peDZYAHOX3AAEAACESpEJkOSt6R0JMc3JIbis="} -00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} -00732{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} -00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936083692,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040353,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVpAAEAR0ZTAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040699,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVtAAEAR0ZPAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} +00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936065479,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU1AAEAR9NjAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} +00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070153,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU5AAEAR9NfAqAypI563p7hkDZYAHPweAAEAACESpEJjaDExN25ZQXk2MTA="} +00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070262,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU9AAEAR9NbAqAypI563p5peDZYAHOX3AAEAACESpEJkOSt6R0JMc3JIbis="} +00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} +00732{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936083692,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} -00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087734,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLztAAOARwqojnrenwKgMqQ2WuGQAXLAaAQEAQCESpEJjaDExN25ZQXk2MTAAIAAIAAEPY3w9RVEAAQAIAAEucV0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAATCHshI"} -00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936087776,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936087776,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq4AAOABw2sjnrenwKgMqQMDpcEAAAAARQAAMJ1QQAAdERfWwKgMqSOet6eaXgG7AByKqgABAAAhEqRCWmZiNGRVd21Ycno1"} -00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087800,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLzxAAOMRv6kjnrenwKgMqQ2Wml4AXJaEAQEAQCESpEJkOSt6R0JMc3JIbisAIAAIAAEPYnw9RVEAAQAIAAEucF0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT07Zjq"} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936120747,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVJAAEAR9MvAqAypI563p5peDZYAJPVxAAMACCESpEI3Q1lCTmVMaEVzcmUAGQAEEQAAAA=="} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135326,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135836,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} +00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087734,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLztAAOARwqojnrenwKgMqQ2WuGQAXLAaAQEAQCESpEJjaDExN25ZQXk2MTAAIAAIAAEPY3w9RVEAAQAIAAEucV0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAATCHshI"} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936087776,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936087776,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq4AAOABw2sjnrenwKgMqQMDpcEAAAAARQAAMJ1QQAAdERfWwKgMqSOet6eaXgG7AByKqgABAAAhEqRCWmZiNGRVd21Ycno1"} +00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087800,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLzxAAOMRv6kjnrenwKgMqQ2Wml4AXJaEAQEAQCESpEJkOSt6R0JMc3JIbisAIAAIAAEPYnw9RVEAAQAIAAEucF0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT07Zjq"} +00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936120747,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVJAAEAR9MvAqAypI563p5peDZYAJPVxAAMACCESpEI3Q1lCTmVMaEVzcmUAGQAEEQAAAA=="} +00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135326,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} +00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135836,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936138159,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Lz5AAOMRv58jnrenwKgMqQ2Wml4AZJPmARMASCESpEI3Q1lCTmVMaEVzcmUACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjOGY3M2M5NzZiMDJiOWM4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABHmTjPc="} 01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","stun": {"num_pkts":3,"num_binding_requests":1,"num_processed_pkts":2}}} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936144242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} +00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936144242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} 01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} -00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936150779,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150779,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} -00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292139,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936144585,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936144585,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVZAAEAR9G\/AqAypI563p5peDZYAfGxHAAMAYCESpEJTREg5Z3IrK1V4dm0AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGM4ZjczYzk3NmIwMmI5YzgACAAUVADVyCcFlHpNR6\/JlEM11GK82Wc="} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936150779,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150779,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936150821,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150821,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbroAAOABw1cjnrenwKgMqQMDpckAAAAARQAAOJ1UQAAdERfKwKgMqSOet6eaXgG7ACT1pAADAAghEqRCSktITllCRzRleVZKABkABBEAAAA="} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936160415,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4L0JAAOARwpsjnrenwKgMqQ2WuGQAZP9bARMASCESpEIwWE1VcCtxUS9rUlMACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NTNlMjE2ZTYwMmRiMDdlABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBFo+J8="} +00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936185855,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936185855,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVhAAEAR9G3AqAypI563p7hkDZYAfGwXAAMAYCESpEJMbjdHYmN5WG5rbm4AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDk1M2UyMTZlNjAyZGIwN2UACAAUIW2HvRLiM2\/Mn2aCV9BfzE1X65g="} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292139,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":1,"num_processed_pkts":0}}} -00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292790,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} -00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936316455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} -00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936320168,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292790,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936316455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936320168,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} -00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936411307,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80K0AACYRz7Ws\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} -00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936415304,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TlEAACURUxKs\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936331596,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936331596,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbuUAAOABwzQjnrenwKgMqQMDpcEAAAAARQAAMJ1iQAAgERTEwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} +00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936385688,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936385688,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWRAAEAR9LnAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} +00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936386031,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936386031,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWVAAEAR9LjAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936411307,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80K0AACYRz7Ws\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936415304,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TlEAACURUxKs\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936663206,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80O8AACYRz3Os\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936667023,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TocAACURUtys\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936817391,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936817391,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWZAAEAR9L\/AqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936821517,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936821517,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWdAAEAR9L7AqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936889693,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936889693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} -00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956886692,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} +00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956886692,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} 01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} -00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956899977,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} -00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956900169,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} -00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956903176,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP61AAOARsjgjnrenwKgMqQ2WqDwAXIeiAQEAQCESpEJ3MXhZWGxMSlFtK2QAIAAIAAEPlHw9RVEAAQAIAAEuhl0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAARTHy4\/"} -00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956921410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevJAAEARy\/zAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} -00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956929987,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} -00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956930390,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} +00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956899977,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} +00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956900169,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} +00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956903176,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP61AAOARsjgjnrenwKgMqQ2WqDwAXIeiAQEAQCESpEJ3MXhZWGxMSlFtK2QAIAAIAAEPlHw9RVEAAQAIAAEuhl0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAARTHy4\/"} +00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956921410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevJAAEARy\/zAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} +00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956929987,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956930390,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} 01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} -00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956946587,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956960274,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} -00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956962305,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} -00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956969064,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuhAAEAR8zXAqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956971552,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nulAAEAR8zTAqAypI563p6g8DZYAJNbdAAMACCESpEJQZE0rWTlGNXNyQ3EAGQAEEQAAAA=="} -00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957149857,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957149857,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvtAAEAR8yrAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957151010,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevNAAEARy\/vAqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957172132,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevRAAEARy\/rAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} -00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957180832,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957180832,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvxAAEAR8ynAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} -00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957274630,"pkt":"mt9Y+uvcCL6sCxduCABFgAA86goAACYRtlis\/Xl\/wKgMqUtmqDwAKGNbAQEADCESpEJuRGJFSkJreUFwVW4AIAAIAAEPlHw9RVE="} -00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957301798,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8efYAACURJ+2s\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="} +00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956946587,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} +00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956960274,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} +00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956962305,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} +00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956969064,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuhAAEAR8zXAqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="} +00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956971552,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nulAAEAR8zTAqAypI563p6g8DZYAJNbdAAMACCESpEJQZE0rWTlGNXNyQ3EAGQAEEQAAAA=="} +00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956977270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7RAAOQRrikjnrenwKgMqQ2WnA4AZNRVARMASCESpEJuWjVNSmNUejZrc3YACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlM2Q3MGU4YTI4NzhlYWI4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABPdDwsE="} +00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956982713,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956982713,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnupAAEAR8tvAqAypI563p5wODZYAfID0AAMAYCESpEJoVnBuRlhEMWd5a3MAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGUzZDcwZThhMjg3OGVhYjgACAAUhea72wHPPgTdSOnBEkAPMzKPAD4="} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956988183,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7VAAOARsigjnrenwKgMqQ2WqDwAZD47ARMASCESpEJQZE0rWTlGNXNyQ3EACQAQAAAEAVVuYXV0aG9yaXplZAAVABAyYzViYWNlMTgyOWQyNjllABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBNbgMs="} +00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956989826,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956989826,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnutAAEAR8trAqAypI563p6g8DZYAfJbSAAMAYCESpEJELzRSL1I0ZVdVN0kAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDJjNWJhY2UxODI5ZDI2OWUACAAUvJldU9tsWUvBCpl53HMUEVhvq8k="} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957149857,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957149857,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvtAAEAR8yrAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957151010,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevNAAEARy\/vAqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957172132,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevRAAEARy\/rAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957180832,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957180832,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvxAAEAR8ynAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} +00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957210204,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901957210204,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nv5AAEAR8x\/AqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} +00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957219600,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901957219600,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nv9AAEAR8x7AqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957274630,"pkt":"mt9Y+uvcCL6sCxduCABFgAA86goAACYRtlis\/Xl\/wKgMqUtmqDwAKGNbAQEADCESpEJuRGJFSkJreUFwVW4AIAAIAAEPlHw9RVE="} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957301798,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8efYAACURJ+2s\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957525218,"pkt":"mt9Y+uvcCL6sCxduCABFgAA86ikAACYRtjms\/Xl\/wKgMqUtmqDwAKGNbAQEADCESpEJuRGJFSkJreUFwVW4AIAAIAAEPlHw9RVE="} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957551924,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8ergAACURJyus\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957650455,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957650455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxNAAEAR8xLAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957680781,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957680781,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxZAAEAR8w\/AqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901957711133,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957711133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} 01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901957719478,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957719478,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} -00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958294242,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} -00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378136,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958378136,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} -00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958378173,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} +00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958294242,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378136,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958378136,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958378173,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} 01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1636901958378173,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} -02304{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901960601813,"flow_dst_last_pkt_time":1636901960620966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1636901960620966,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":25,"avg":149493.4,"max":679364,"stddev":200828.1,"var":40331911168.0,"ent":3.9,"data": [83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177]},"pktlen": {"min":56,"avg":91.9,"max":132,"stddev":24.9,"var":621.5,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84]},"bins": {"c_to_s": [4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1],"entropies": [5.768973827,5.811776161,5.931350708,5.819116592,5.739065170,5.636717796,5.871664047,5.907987118,5.819117546,5.781831741,5.903046608,5.775639534,5.668575764,5.083614826,5.811898232,5.271638393,5.861793995,5.810910702,5.781786919,5.698687553,5.893005371,5.819117069,5.083614826,5.770115376,5.235924244,5.200210571,5.083615780,5.835623741,5.811777115,5.606133938,5.119328976,5.779102325]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":201,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901964741654,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901966826937,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1636901958386718,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958386718,"pkt":"CL6sCxdumt9Y+uvcCABFAABcaztAAEARa7LAqAypEsODj6g87uQASCG+AQEALCESpEJ2dFg5dWZIQUdCakMAIAAIAAHP9jPRJ80ACAAUJmmebdkZZFSwkh7L8yz62k564LmAKAAEReD9tw=="} +00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1636901958394511,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636901958394511,"pkt":"CL6sCxdumt9Y+uvcCABFAACEazxAAEARa4nAqAypEsODj6g87uQAcJERAAEAVCESpEJwNFQrb1h3aGNEZzcABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UDAAQAEAAAAAQAkAARufx7\/AAgAFAU5PfclhugC7DGLkMWmAbOXS5FggCgABGgSKPI="} +02304{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901960601813,"flow_dst_last_pkt_time":1636901960620966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1636901960620966,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":149493.4,"max":679364,"stddev":200828.1,"var":40331911168.0,"ent":3.9,"data": [83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177]},"pktlen": {"min":56,"avg":91.9,"max":132,"stddev":24.9,"var":621.5,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84]},"bins": {"c_to_s": [4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1],"entropies": [5.768973827,5.811776161,5.931350708,5.819116592,5.739065170,5.636717796,5.871664047,5.907987118,5.819117546,5.781831741,5.903046608,5.775639534,5.668575764,5.083614826,5.811898232,5.271638393,5.861793995,5.810910702,5.781786919,5.698687553,5.893005371,5.819117069,5.083614826,5.770115376,5.235924244,5.200210571,5.083615780,5.835623741,5.811777115,5.606133938,5.119328976,5.779102325]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":201,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901964741654,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901966826937,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967279945,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967279945,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCFAAEARys3AqAyprP15f6g8S2YAHDMFAAEAACESpEI4KzdNdk9qTHloVm0="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967305260,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967305260,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCRAAEARysrAqAyprP15f5wOS2YAHCjCAAEAACESpEJCTndzakJKdHNsVHY="} 01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901967532099,"flow_dst_last_pkt_time":1636901967653267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967653267,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} 01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901967553880,"flow_dst_last_pkt_time":1636901967684533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967684533,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":2,"num_binding_requests":4,"num_processed_pkts":2}}} -02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":15,"avg":1596705.0,"max":17079364,"stddev":3547473.5,"var":12584568750080.0,"ent":2.8,"data": [4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065]},"pktlen": {"min":76,"avg":81.5,"max":124,"stddev":11.6,"var":133.8,"ent":5.0,"data": [76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]},"bins": {"c_to_s": [0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00773{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -01105{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01105{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998588925,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} +02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":1596705.0,"max":17079364,"stddev":3547473.5,"var":12584568750080.0,"ent":2.8,"data": [4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065]},"pktlen": {"min":76,"avg":81.5,"max":124,"stddev":11.6,"var":133.8,"ent":5.0,"data": [76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]},"bins": {"c_to_s": [0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00773{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01105{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01105{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998588925,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} -00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998589226,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} +00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998589226,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} -00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637116,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} -00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637207,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EhAAEAR8rHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} -00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998642149,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43ElAAEAR8qjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} -00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998644152,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43EpAAEAR8qfAqAypI55607qXDZYAJM8KAAMACCESpEJRck1mY3NySEUrbG4AGQAEEQAAAA=="} -00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998644452,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EtAAEAR8q7AqAypI55605RSDZYAHOlfAAEAACESpEJTRld4cWpibUxkeFo="} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998645824,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3ExAAEAR8q3AqAypI55607qXDZYAHAfgAAEAACESpEJsR1ZDTTdDN1dMVEo="} -00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998654073,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="} -00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654623,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637116,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637207,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EhAAEAR8rHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998642149,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43ElAAEAR8qjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} +00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998644152,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43EpAAEAR8qfAqAypI55607qXDZYAJM8KAAMACCESpEJRck1mY3NySEUrbG4AGQAEEQAAAA=="} +00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998644452,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EtAAEAR8q7AqAypI55605RSDZYAHOlfAAEAACESpEJTRld4cWpibUxkeFo="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998645824,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3ExAAEAR8q3AqAypI55607qXDZYAHAfgAAEAACESpEJsR1ZDTTdDN1dMVEo="} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998654073,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="} +00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654623,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} 00907{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654665,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654665,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} -00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998657287,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998657287,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} -00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998660620,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654665,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654665,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998657287,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998657287,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} +00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998660620,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} 01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","stun": {"num_pkts":2,"num_binding_requests":1,"num_processed_pkts":1}}} -00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660636,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} +00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660636,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} 01019{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901998660636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} -00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998663215,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865349,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885173,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} +00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660651,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9ktAAOMRNU4jnnrTwKgMqQ2WupcAXFiiAQEAQCESpEJsR1ZDTTdDN1dMVEoAIAAIAAEPinw9RVEAAQAIAAEumF0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAAR90ekp"} +00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998662264,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998662264,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3E5AAEAR8k\/AqAypI55607qXDZYAeBRYAAMAXCESpEJIUGFhU0tWSmtQRG4AGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNGE5ZjU5Y2ZmZTg5NDRhOQAIABRI+uTzM7nII\/sVpvC6uyZXC+3v6w=="} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998663215,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} +00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998669539,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49kxAAOQRNEUjnnrTwKgMqQ2WlFIAZMvXARMASCESpEJOTG9MWFNjWDdLU3cACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2MzExMjRhZWUxZDEzNDUwABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABOHlRAQ="} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998676426,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998676426,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVYAAOMBFpAjnnrTwKgMqQMDaPUAAAAARQAAONxPQAAgERKjwKgMqSOeetOUUgG7ACS3UAADAAghEqRCcXF0MnJ1Mk16MmtvABkABBEAAAA="} +00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998684473,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998684473,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3FFAAEAR8kzAqAypI55605RSDZYAeCtfAAMAXCESpEJzQVJaQW1IdkdKV0kAGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNjMxMTI0YWVlMWQxMzQ1MAAIABSPAYmQd4zQiPDDbTAeeOez+Voceg=="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865349,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885173,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998885173,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885598,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885598,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} -00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967333,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uXcAACUR6Gus\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} -00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967382,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OUIAACYRZyGs\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885598,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885598,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998892782,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998892782,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43FlAAEAR8pjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998900771,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998900771,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVXoAAOMBFnQjnnrTwKgMqQMDaO0AAAAARQAAMNxXQAAgERKjwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998914396,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998914396,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43FtAAEAR8pbAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} +00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967333,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uXcAACUR6Gus\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} +00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967382,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OUIAACYRZyGs\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} +00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901999242071,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901999242071,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uigAACUR57qs\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} +00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901999242113,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OWgAACYRZvus\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386450,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386450,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3HxAAEAR8n3AqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386783,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386783,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3H1AAEAR8nzAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901999417923,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901999417923,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} -00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000024715,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} +00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000024715,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} 01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} -00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000073738,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} +00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000073738,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} 01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} -00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000102078,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000102078,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} -00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000107063,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} -00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000142220,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000142220,"pkt":"mt9Y+uvcCL6sCxduCABFAABcw7ZAAAYRTTcSw4OPwKgMqfA6upcASKsWAQEALCESpEI3OHB2NXh3VHhSY2IAIAAIAAEPjnw9RVEACAAUJEyhW79\/NO7EtgfmN47ncd2\/SCyAKAAE6dNIHg=="} -00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000142270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8w7dAAAYRTRYSw4OPwKgMqfA6upcAaP5PAAEATCESpEIwbFM2UjdmdjFzOTMABgAJN2tzczoxRVpzAAAAwFcABAADA4SAKQAIiflXHs5q0dMAJAAEbn8g\/wAIABT+u0FmMYg2qxKb1bY78Qe06uM1KoAoAAQrkPMA"} -02321{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": [5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01104{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000102078,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000102078,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000107063,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000114802,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000114802,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/RAAEARXvnAqAypEsODj7qX0yYASLB3AQEALCESpEJBbDNpSTF1eStSR1UAIAAIAAHyNDPRJ80ACAAUTu361RDreRFUJBDgnwLv4nPGjjiAKAAENi4ivw=="} +00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636902000121229,"pkt":"CL6sCxdumt9Y+uvcCABFAACEd\/VAAEARXtDAqAypEsODj7qX0yYAcL05AAEAVCESpEJ3R1crWml5WW5FUngABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9DAAQAEAAAAAQAkAARufx7\/AAgAFG44e2noKgwkMjn\/R9SoQMz3WX15gCgABIStbZc="} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000142220,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000142220,"pkt":"mt9Y+uvcCL6sCxduCABFAABcw7ZAAAYRTTcSw4OPwKgMqfA6upcASKsWAQEALCESpEI3OHB2NXh3VHhSY2IAIAAIAAEPjnw9RVEACAAUJEyhW79\/NO7EtgfmN47ncd2\/SCyAKAAE6dNIHg=="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000142270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8w7dAAAYRTRYSw4OPwKgMqfA6upcAaP5PAAEATCESpEIwbFM2UjdmdjFzOTMABgAJN2tzczoxRVpzAAAAwFcABAADA4SAKQAIiflXHs5q0dMAJAAEbn8g\/wAIABT+u0FmMYg2qxKb1bY78Qe06uM1KoAoAAQrkPMA"} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000144041,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000144041,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/ZAAEARXvfAqAypEsODj7qX8DoASAMeAQEALCESpEIwbFM2UjdmdjFzOTMAIAAIAAHRKDPRJ80ACAAUI\/bFSLNMUitVQi8z7dVLO\/aQEHmAKAAEAVoedw=="} +00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1636902000173314,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636902000173314,"pkt":"CL6sCxdumt9Y+uvcCABFAACEd\/dAAEARXs7AqAypEsODj7qX8DoAcOfaAAEAVCESpEJYdGpHMEQ4MEppTE0ABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9DAAQAEAAAAAgAkAARufx7\/AAgAFM7+Ft2Y0101jZUj75NnkTl5UB7JgCgABNI9yPM="} +02321{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": [5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01104{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008969021,"flow_dst_last_pkt_time":1636901999242071,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008969021,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhaxAAEARwULAqAyprP15f5RSS2YAHHeOAAEAACESpEJORW10V0g4dmFhQnE="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008970187,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008970187,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwha1AAEARwUHAqAyprP15f7qXS2YAHGY1AAEAACESpEI5bGJNUnBSbytQbnU="} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01014{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":2,"num_binding_requests":2,"num_processed_pkts":2}}} -00771{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902019597330,"flow_dst_last_pkt_time":1636902019976482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00934{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":2,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636902014432732,"flow_dst_last_pkt_time":1636902021384737,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636902021364947,"flow_dst_last_pkt_time":1636902021381882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":892,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","packets-captured":460,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":159,"global_ts_usec":1636902021384737} +00771{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902019597330,"flow_dst_last_pkt_time":1636902019976482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00934{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":2,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636902014432732,"flow_dst_last_pkt_time":1636902021384737,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636902021364947,"flow_dst_last_pkt_time":1636902021381882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":892,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","packets-captured":460,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1636902021384737} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 460/460 ~~ skipped flows.............: 0 |