diff options
Diffstat (limited to 'test/results/viber.pcap.out')
| -rw-r--r-- | test/results/viber.pcap.out | 208 |
1 files changed, 104 insertions, 104 deletions
diff --git a/test/results/viber.pcap.out b/test/results/viber.pcap.out index 9ddde72d7..428ad0629 100644 --- a/test/results/viber.pcap.out +++ b/test/results/viber.pcap.out @@ -1,182 +1,182 @@ 00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"viber.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1527155638428936} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1527155638428936,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":3285032704,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1527155638428936,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} +00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1527155638428936,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155638474128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155638474128,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHQZAAEARnDbAqAARwKgAD7KvADUALIZ64YMBAAABAAAAAAAABWdyYXBoCGZhY2Vib29rA2NvbQAAAQAB"} +00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155638474128,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHQZAAEARnDbAqAARwKgAD7KvADUALIZ64YMBAAABAAAAAAAABWdyYXBoCGZhY2Vib29rA2NvbQAAAQAB"} 01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155638474128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"graph.facebook.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1527155638476527,"pkt":"MAdNo1+nAA6OMNv9CABFAAC9W3xAAEARXUPAqAAPwKgAEQA1sq8AqYax4YOBgAABAAMAAgACBWdyYXBoCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAK\/QAGA2FwacASwDAABQABAAADcAAMBHN0YXIEYzEwcsASwEIAAQABAAAAIgAEHw1WCMBHAAIAAQAAChUABwFiAm5zwEfARwACAAEAAAoVAAQBYcBswH0AAQABAAAKFQAERavvC8BqAAEAAQAAChUABEWr\/ws="} +00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1527155638476527,"pkt":"MAdNo1+nAA6OMNv9CABFAAC9W3xAAEARXUPAqAAPwKgAEQA1sq8AqYax4YOBgAABAAMAAgACBWdyYXBoCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAK\/QAGA2FwacASwDAABQABAAADcAAMBHN0YXIEYzEwcsASwEIAAQABAAAAIgAEHw1WCMBHAAIAAQAAChUABwFiAm5zwEfARwACAAEAAAoVAAQBYcBswH0AAQABAAAKFQAERavvC8BqAAEAAQAAChUABEWr\/ws="} 01055{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1527155638476527,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"graph.facebook.com","dns": {"num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.8"}}} -00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1527155638483176,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":3285032704,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1527155638483176,"pkt":"AA6OMNv9MAdNo1+nCABFAABsvbFAAEAGirvAqAARNAD9ZYG4EJTYH5RlTQ0UaIAYAtrUUgAAAQEICgAhYFH3kz3SOAALAAAAldaoLlKjmwog1MjwGSIlPYr6Sdpf8civ07lgAXs3mNLP4I1IauuXnWuqSM\/O114Rmek="} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1527155638483176,"flow_dst_last_pkt_time":1527155638524866,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155638524866,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0M+hAACYGLr00AP1lwKgAERCUgbhNDRRo2B+UZYAQAIxrZwAAAQEICveUYGsAIWBC"} -00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1527155638483176,"flow_dst_last_pkt_time":1527155638525136,"flow_idle_time":3285032704,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1527155638525136,"pkt":"MAdNo1+nAA6OMNv9CABFAACAM+lAACYGLnA0AP1lwKgAERCUgbhNDRRo2B+UZYAYAIyDiQAAAQEICveUYGwAIWBCTAAOAAAA7ZKoDv3w6OEJqmeEcnEl5cUBQprrMM7Rp8izc+yMxyWcB68VLspY31LXwDQ0RwmmKdwU4EmaqJ3KShawrAeJ2amPhoabWg=="} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1527155638527168,"flow_dst_last_pkt_time":1527155638525136,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155638527168,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0vbJAAEAGivLAqAARNAD9ZYG4EJTYH5SdTQ0UtIAQAtpoeQAAAQEICgAhYF33lGBs"} +00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1527155638483176,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1527155638483176,"pkt":"AA6OMNv9MAdNo1+nCABFAABsvbFAAEAGirvAqAARNAD9ZYG4EJTYH5RlTQ0UaIAYAtrUUgAAAQEICgAhYFH3kz3SOAALAAAAldaoLlKjmwog1MjwGSIlPYr6Sdpf8civ07lgAXs3mNLP4I1IauuXnWuqSM\/O114Rmek="} +00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1527155638483176,"flow_dst_last_pkt_time":1527155638524866,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155638524866,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0M+hAACYGLr00AP1lwKgAERCUgbhNDRRo2B+UZYAQAIxrZwAAAQEICveUYGsAIWBC"} +00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1527155638483176,"flow_dst_last_pkt_time":1527155638525136,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1527155638525136,"pkt":"MAdNo1+nAA6OMNv9CABFAACAM+lAACYGLnA0AP1lwKgAERCUgbhNDRRo2B+UZYAYAIyDiQAAAQEICveUYGwAIWBCTAAOAAAA7ZKoDv3w6OEJqmeEcnEl5cUBQprrMM7Rp8izc+yMxyWcB68VLspY31LXwDQ0RwmmKdwU4EmaqJ3KShawrAeJ2amPhoabWg=="} +00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1527155638527168,"flow_dst_last_pkt_time":1527155638525136,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155638527168,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0vbJAAEAGivLAqAARNAD9ZYG4EJTYH5SdTQ0UtIAQAtpoeQAAAQEICgAhYF33lGBs"} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639005882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639005882,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639005882,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639005882,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8HWBAAEARm+DAqAARwKgAD4nTADUAKI8By5wBAAABAAAAAAAAA2FwcAZhZGp1c3QDY29tAAABAAE="} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639005882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639005882,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8HWBAAEARm+DAqAARwKgAD4nTADUAKI8By5wBAAABAAAAAAAAA2FwcAZhZGp1c3QDY29tAAABAAE="} 01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639005882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639005882,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app.adjust.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_usec":1527155639008484,"pkt":"MAdNo1+nAA6OMNv9CABFAAEhW4BAAEARXNvAqAAPwKgAEQA1idMBDcumy5yBgAABAAQABAAEA2FwcAZhZGp1c3QDY29tAAABAAHADAABAAEAAAHMAASyots6wAwAAQABAAABzAAEsqLbmcAMAAEAAQAAAcwABLKi2LPADAABAAEAAAHMAAS5l8wIwBAAAgABAAKIXQATBG5zMDEGYWRqdXN0BXdvcmtzAMAQAAIAAQACiF0AFARkbnMxA3AwOQVuc29uZQNuZXQAwBAAAgABAAKIXQAHBGRuczLAkMAQAAIAAQACiF0ABwRuczAywHHAiwABAAEAAWUPAATGMywJwKsAAQABAAFlDwAExjMtCcBsAAEAAQAAMG8ABC02EQHAvgABAAEAADBvAAQtNhFB"} +00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_usec":1527155639008484,"pkt":"MAdNo1+nAA6OMNv9CABFAAEhW4BAAEARXNvAqAAPwKgAEQA1idMBDcumy5yBgAABAAQABAAEA2FwcAZhZGp1c3QDY29tAAABAAHADAABAAEAAAHMAASyots6wAwAAQABAAABzAAEsqLbmcAMAAEAAQAAAcwABLKi2LPADAABAAEAAAHMAAS5l8wIwBAAAgABAAKIXQATBG5zMDEGYWRqdXN0BXdvcmtzAMAQAAIAAQACiF0AFARkbnMxA3AwOQVuc29uZQNuZXQAwBAAAgABAAKIXQAHBGRuczLAkMAQAAIAAQACiF0ABwRuczAywHHAiwABAAEAAWUPAATGMywJwKsAAQABAAFlDwAExjMtCcBsAAEAAQAAMG8ABC02EQHAvgABAAEAADBvAAQtNhFB"} 01051{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1527155639008484,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app.adjust.com","dns": {"num_queries":1,"num_answers":12,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.162.219.58"}}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639234839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639234839,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639234839,"flow_idle_time":200000000,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155639234839,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHWRAAEARm9jAqAARwKgAD\/WYADUALODJ\/WMBAAABAAAAAAAABG1hcGkJYXBwdGltaXplA2NvbQAAAQAB"} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639234839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155639234839,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHWRAAEARm9jAqAARwKgAD\/WYADUALODJ\/WMBAAABAAAAAAAABG1hcGkJYXBwdGltaXplA2NvbQAAAQAB"} 01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639234839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639234839,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mapi.apptimize.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1527155639237450,"pkt":"MAdNo1+nAA6OMNv9CABFAAFnW5VAAEARXIDAqAAPwKgAEQA19ZgBU\/qk\/WOBgAABAAkABAABBG1hcGkJYXBwdGltaXplA2NvbQAAAQABwAwABQABAAAKmgACwBHAEQABAAEAAAA7AAQ2RabiwBEAAQABAAAAOwAENrtbtsARAAEAAQAAADsABCLf10HAEQABAAEAAAA7AAQjoIExwBEAAQABAAAAOwAEI6WM3sARAAEAAQAAADsABCOitm\/AEQABAAEAAAA7AAQ2RVffwBEAAQABAAAAOwAENrpW+MARAAIAAQAAA2AAGQducy0xODgzCWF3c2Rucy00MwJjbwJ1awDAEQACAAEAAANgABcHbnMtMTEyOQlhd3NkbnMtMTMDb3JnAMARAAIAAQAAA2AAFgZucy02ODUJYXdzZG5zLTIxA25ldADAEQACAAEAAANgABMGbnMtNDczCWF3c2Rucy01OcAbwSgAAQABAAADYAAEzfvB2Q=="} +00935{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1527155639237450,"pkt":"MAdNo1+nAA6OMNv9CABFAAFnW5VAAEARXIDAqAAPwKgAEQA19ZgBU\/qk\/WOBgAABAAkABAABBG1hcGkJYXBwdGltaXplA2NvbQAAAQABwAwABQABAAAKmgACwBHAEQABAAEAAAA7AAQ2RabiwBEAAQABAAAAOwAENrtbtsARAAEAAQAAADsABCLf10HAEQABAAEAAAA7AAQjoIExwBEAAQABAAAAOwAEI6WM3sARAAEAAQAAADsABCOitm\/AEQABAAEAAAA7AAQ2RVffwBEAAQABAAAAOwAENrpW+MARAAIAAQAAA2AAGQducy0xODgzCWF3c2Rucy00MwJjbwJ1awDAEQACAAEAAANgABcHbnMtMTEyOQlhd3NkbnMtMTMDb3JnAMARAAIAAQAAA2AAFgZucy02ODUJYXdzZG5zLTIxA25ldADAEQACAAEAAANgABMGbnMtNDczCWF3c2Rucy01OcAbwSgAAQABAAADYAAEzfvB2Q=="} 01054{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1527155639237450,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mapi.apptimize.com","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.166.226"}}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639240854,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639240854,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639240854,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639240854,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8C6FAAEAGkTrAqAARNkWm4pB6Abv8W2quAAAAAKAC\/\/9PrwAAAgQFtAQCCAoAIWEPAAAAAAEDAwc="} -00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639414725,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1527155639417273,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639417273,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"} -00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":3285032704,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155639419114,"pkt":"AA6OMNv9MAdNo1+nCABFAADoC6NAAEAGkIzAqAARNkWm4pB6Abv8W2qvTzEkCoAYAq3FAQAAAQEICgAhYTtMsKWZFgMBAK8BAACrAwOf\/2TjK8r1kWpdan2TJekyDzujbi8jagHQAHL6QuSe+wAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} +00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639240854,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639240854,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8C6FAAEAGkTrAqAARNkWm4pB6Abv8W2quAAAAAKAC\/\/9PrwAAAgQFtAQCCAoAIWEPAAAAAAEDAwc="} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639414725,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1527155639417273,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639417273,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155639419114,"pkt":"AA6OMNv9MAdNo1+nCABFAADoC6NAAEAGkIzAqAARNkWm4pB6Abv8W2qvTzEkCoAYAq3FAQAAAQEICgAhYTtMsKWZFgMBAK8BAACrAwOf\/2TjK8r1kWpdan2TJekyDzujbi8jagHQAHL6QuSe+wAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639419114,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639592888,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639592888,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0gc9AAOYGdRM2RabiwKgAEQG7kHpPMSQK\/FtrY4AQAG4XbAAAAQEICkywpcUAIWE7"} +00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639592888,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639592888,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0gc9AAOYGdRM2RabiwKgAEQG7kHpPMSQK\/FtrY4AQAG4XbAAAAQEICkywpcUAIWE7"} 01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594657,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155639594657,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}} 01539{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594933,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155639594933,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640085923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640085923,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640085923,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640085923,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="} -00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640261254,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1527155640264334,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640264334,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"} -00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":3285032704,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155640275168,"pkt":"AA6OMNv9MAdNo1+nCABFAADosZRAAEAG6prAqAARNkWm4pB8Abt0c9Bx9BYx5YAYAq1TTQAAAQEICgAhYhBMsKZsFgMBAK8BAACrAwPxHao\/Q96Yxv6ptzoREqGRwhus41t797c9sc55oDAI4gAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} +00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640085923,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640085923,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640261254,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="} +00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1527155640264334,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640264334,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155640275168,"pkt":"AA6OMNv9MAdNo1+nCABFAADosZRAAEAG6prAqAARNkWm4pB8Abt0c9Bx9BYx5YAYAq1TTQAAAQEICgAhYhBMsKZsFgMBAK8BAACrAwPxHao\/Q96Yxv6ptzoREqGRwhus41t797c9sc55oDAI4gAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640275168,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640450457,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640450457,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0l3xAAOYGX2Y2RabiwKgAEQG7kHz0FjHldHPRJYAQAG6FIwAAAQEICkywppwAIWIQ"} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640450457,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640450457,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0l3xAAOYGX2Y2RabiwKgAEQG7kHz0FjHldHPRJYAQAG6FIwAAAQEICkywppwAIWIQ"} 01106{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640452297,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155640452297,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641574870,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1527155641574870,"pkt":"AA6OMNv9MAdNo1+nCABFAABBH3ZAAEARmcXAqAARwKgAD5IqADUALZxVyU0BAAABAAAAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAQ=="} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1527155641574870,"pkt":"AA6OMNv9MAdNo1+nCABFAABBH3ZAAEARmcXAqAARwKgAD5IqADUALZxVyU0BAAABAAAAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAQ=="} 01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641574870,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"media.cdn.viber.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641691221,"flow_idle_time":200000000,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1527155641691221,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXEZAAEARXIvAqAAPwKgAEQA1kioAlzNhyU2BgAABAAUAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAcAMAAUAAQAACsAAHg1kbzJneTJrd2FrOWsyCmNsb3VkZnJvbnQDbmV0AMAxAAEAAQAAADsABDbmXWDAMQABAAEAAAA7AAQ25l2mwDEAAQABAAAAOwAENuZdIsAxAAEAAQAAADsABDbmXaA="} +00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641691221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1527155641691221,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXEZAAEARXIvAqAAPwKgAEQA1kioAlzNhyU2BgAABAAUAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAcAMAAUAAQAACsAAHg1kbzJneTJrd2FrOWsyCmNsb3VkZnJvbnQDbmV0AMAxAAEAAQAAADsABDbmXWDAMQABAAEAAAA7AAQ25l2mwDEAAQABAAAAOwAENuZdIsAxAAEAAQAAADsABDbmXaA="} 01056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641691221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1527155641691221,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"media.cdn.viber.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.96"}}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641697916,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641697916,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641697916,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641697916,"pkt":"AA6OMNv9MAdNo1+nCABFAAA825FAAEAGCivAqAARNuZdYOCwAbu7GrjkAAAAAKAC\/\/84\/wAAAgQFtAQCCAoAIWN1AAAAAAEDAwc="} -00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641714003,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641716061,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641716061,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"} -00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":3285032704,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1527155641717778,"pkt":"AA6OMNv9MAdNo1+nCABFAADs25NAAEAGCXnAqAARNuZdYOCwAbu7GrjlFg8sv4AYAq3PXQAAAQEICgAhY3p+anA4FgMBALMBAACvAwM9xUi6e2VHcfR2Et1lmWRy3PNn2wAw6MtgIjCKmCwNtgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAYABYAABNtZWRpYS5jZG4udmliZXIuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641697916,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641697916,"pkt":"AA6OMNv9MAdNo1+nCABFAAA825FAAEAGCivAqAARNuZdYOCwAbu7GrjkAAAAAKAC\/\/84\/wAAAgQFtAQCCAoAIWN1AAAAAAEDAwc="} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641714003,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641716061,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641716061,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"} +00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1527155641717778,"pkt":"AA6OMNv9MAdNo1+nCABFAADs25NAAEAGCXnAqAARNuZdYOCwAbu7GrjlFg8sv4AYAq3PXQAAAQEICgAhY3p+anA4FgMBALMBAACvAwM9xUi6e2VHcfR2Et1lmWRy3PNn2wAw6MtgIjCKmCwNtgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAYABYAABNtZWRpYS5jZG4udmliZXIuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} 01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641717778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641733771,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641733771,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0XIVAAPQG1T425l1gwKgAEQG74LAWDyy\/uxq5nYAQAHY1FQAAAQEICn5qcDoAIWN6"} +00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641733771,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641733771,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0XIVAAPQG1T425l1gwKgAEQG74LAWDyy\/uxq5nYAQAHY1FQAAAQEICn5qcDoAIWN6"} 01195{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736492,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641736492,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}} 01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736812,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641736812,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","tls": {"version":"TLSv1.2","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641813689,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155641813689,"pkt":"AA6OMNv9MAdNo1+nCABFAABAH5VAAEARmafAqAARwKgAD539ADUALISKl70BAAABAAAAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQAB"} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155641813689,"pkt":"AA6OMNv9MAdNo1+nCABFAABAH5VAAEARmafAqAARwKgAD539ADUALISKl70BAAABAAAAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQAB"} 01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641813689,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"dl-media.viber.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1527155641840131,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXElAAEARXIjAqAAPwKgAEQA1nf0Al5UFl72BgAABAAUAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQABwAwABQABAAAGHQAfDmQxZmplOWdtM2QwNXQ4CmNsb3VkZnJvbnQDbmV0AMAwAAEAAQAAADsABDbmXTXAMAABAAEAAAA7AAQ25l1swDAAAQABAAAAOwAENuZdn8AwAAEAAQAAADsABDbmXWM="} +00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1527155641840131,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXElAAEARXIjAqAAPwKgAEQA1nf0Al5UFl72BgAABAAUAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQABwAwABQABAAAGHQAfDmQxZmplOWdtM2QwNXQ4CmNsb3VkZnJvbnQDbmV0AMAwAAEAAQAAADsABDbmXTXAMAABAAEAAAA7AAQ25l1swDAAAQABAAAAOwAENuZdn8AwAAEAAQAAADsABDbmXWM="} 01055{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1527155641840131,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"dl-media.viber.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.53"}}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641845544,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641845544,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641845544,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641845544,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8nXxAAEAGSGvAqAARNuZdNdKuAbvV1v7mAAAAAKAC\/\/\/mSAAAAgQFtAQCCAoAIWOaAAAAAAEDAwc="} -00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641865014,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641867207,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641867207,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"} -00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":3285032704,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1527155641868230,"pkt":"AA6OMNv9MAdNo1+nCABFAADrnX5AAEAGR7rAqAARNuZdNdKuAbvV1v7ndwuRKoAYAq2cvgAAAQEICgAhY6B+anCqFgMBALIBAACuAwM1qr437x53guPHYx6idTGnRu91RvVMpGhSbboCtiTLxAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABp\/wEAAQAAAAAXABUAABJkbC1tZWRpYS52aWJlci5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641845544,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641845544,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8nXxAAEAGSGvAqAARNuZdNdKuAbvV1v7mAAAAAKAC\/\/\/mSAAAAgQFtAQCCAoAIWOaAAAAAAEDAwc="} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641865014,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="} +00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641867207,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641867207,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1527155641868230,"pkt":"AA6OMNv9MAdNo1+nCABFAADrnX5AAEAGR7rAqAARNuZdNdKuAbvV1v7ndwuRKoAYAq2cvgAAAQEICgAhY6B+anCqFgMBALIBAACuAwM1qr437x53guPHYx6idTGnRu91RvVMpGhSbboCtiTLxAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABp\/wEAAQAAAAAXABUAABJkbC1tZWRpYS52aWJlci5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641868230,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641887306,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641887306,"pkt":"MAdNo1+nAA6OMNv9CABFAAA04YZAAPQGUGg25l01wKgAEQG70q53C5Eq1db\/noAQAHYchQAAAQEICn5qcKwAIWOg"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641887306,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641887306,"pkt":"MAdNo1+nAA6OMNv9CABFAAA04YZAAPQGUGg25l01wKgAEQG70q53C5Eq1db\/noAQAHYchQAAAQEICn5qcKwAIWOg"} 01195{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890520,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641890520,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}} 01458{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890790,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641890790,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","tls": {"version":"TLSv1.2","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}}} 01954{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":115,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641984215,"flow_dst_last_pkt_time":1527155641981830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":20153,"midstream":0,"thread_ts_usec":1527155641984215,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":8869.6,"max":47784,"stddev":14735.4,"var":217133360.0,"ent":3.3,"data": [19470,21663,1023,22292,3214,249,21,217,39369,88,574,349,10837,47784,22339,40800,258,54,169,260,19,213,268,217,249,532,41188,70,47,44,1080]},"pktlen": {"min":52,"avg":714.1,"max":1500,"stddev":673.4,"var":453425.2,"ent":4.3,"data": [60,60,52,235,52,1500,1500,1500,397,52,52,52,52,178,294,760,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,794,52,52,52,52,52]},"bins": {"c_to_s": [11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.571673393,5.231404781,5.154164791,5.626152039,5.147462368,7.170236111,7.463209152,7.511432171,7.329006195,5.115703106,5.154164791,5.192625999,5.154164791,6.447020531,7.153199196,7.703028202,7.855375767,7.870701790,7.853311062,7.869762897,7.858384132,7.891494274,7.876748085,7.889567852,7.884804249,7.876610279,7.713707447,5.154164791,5.154164314,5.115703106,5.154164314,5.109001160]}} 01463{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641984215,"flow_dst_last_pkt_time":1527155641981830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":20153,"midstream":0,"thread_ts_usec":1527155641984215,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","tls": {"version":"TLSv1.2","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}}} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644240774,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155644240774,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1527155644240774,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1527155644240774,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0lAAEARXnTAqAARrNkXaqQJAbsAHwH3DO5PoOHayJNED10MJ0pTvsIOJQ7muOI="} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1527155644243647,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0pAAEARXnPAqAARrNkXaqQJAbsAH4RqDO5PoOHayJNEEDIopLF1oa8UykhAnf8="} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1527155644244636,"pkt":"MAdNo1+nAA6OMNv9CABFAAAyAABAADoRu76s2RdqwKgAEQG7pAkAHohoAA5y\/VBeClgsOyCTlKKUc09Z1nXjEg=="} +00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1527155644240774,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1527155644240774,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0lAAEARXnTAqAARrNkXaqQJAbsAHwH3DO5PoOHayJNED10MJ0pTvsIOJQ7muOI="} +00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1527155644243647,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0pAAEARXnPAqAARrNkXaqQJAbsAH4RqDO5PoOHayJNEEDIopLF1oa8UykhAnf8="} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1527155644244636,"pkt":"MAdNo1+nAA6OMNv9CABFAAAyAABAADoRu76s2RdqwKgAEQG7pAkAHohoAA5y\/VBeClgsOyCTlKKUc09Z1nXjEg=="} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646819778,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646819778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646819778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646819778,"flow_idle_time":200000000,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1527155646819778,"pkt":"AA6OMNv9MAdNo1+nCABFAABBI8dAAEARlXTAqAARwKgAD4oDADUALaw8\/YcBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646819778,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1527155646819778,"pkt":"AA6OMNv9MAdNo1+nCABFAABBI8dAAEARlXTAqAARwKgAD4oDADUALaw8\/YcBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="} 01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646819778,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646819778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646819778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app-measurement.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646840307,"flow_idle_time":200000000,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1527155646840307,"pkt":"MAdNo1+nAA6OMNv9CABFAABRXJhAAEARXJPAqAAPwKgAEQA1igMAPcYV\/YeBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAASsABKzZF04="} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646840307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1527155646840307,"pkt":"MAdNo1+nAA6OMNv9CABFAABRXJhAAEARXJPAqAAPwKgAEQA1igMAPcYV\/YeBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAASsABKzZF04="} 01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155646819778,"flow_src_last_pkt_time":1527155646819778,"flow_dst_last_pkt_time":1527155646840307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1527155646840307,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app-measurement.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.78"}}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646850574,"flow_dst_last_pkt_time":1527155646850574,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646850574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646850574,"flow_dst_last_pkt_time":1527155646850574,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155646850574,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8QKlAAEAGdTLAqAARrNkXTqq2Abu2kyjUAAAAAKAC\/\/\/OpwAAAgQFtAQCCAoAIWh9AAAAAAEDAwc="} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646850574,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155646851668,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8SUEAADoGspqs2RdOwKgAEQG7qrbgrF\/UtpMo1aASpagYYgAAAgQFZAQCCAqjjizLACFofQEDAwg="} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1527155646855196,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155646855196,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKpAAEAGdTnAqAARrNkXTqq2Abu2kyjV4Kxf1YAQAq3p2QAAAQEICgAhaH6jjizL"} -01205{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1527155646860573,"pkt":"AA6OMNv9MAdNo1+nCABFAAI5QKtAAEAGczPAqAARrNkXTqq2Abu2kyjV4Kxf1YAYAq1z5wAAAQEICgAhaICjjizLFgMBAgABAAH8AwNBPsdw19xPZmwn4MTofE7KpZzlehZ2ryKsHoehtt8SkyAtuuVLu0IaXHkCuJfDbS+MIlAXHQF7wFtqpJjA8h8AEwAcwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZf\/AQABAAAAABgAFgAAE2FwcC1tZWFzdXJlbWVudC5jb20AFwAAACMA2gB3xmugirq4ty3TFMj+47dZbYBXktcQ\/Fy823lCDlYKB2I9H4xj09kCGfGET468Pn7WKGmpHa+d4io34b79G4zdduOMVQjYCVWJd2+svjjieR2WmccqyJfAVJDiSGaILG39AMxmPrLGKG+W90qFvZ+sjOk1xBxZC4lq\/vWERh9dI8LaVYFE2i7VMlSVzcW5MKdEpuvpZDk7ugj4\/NffY7m0Pt8V62OtFaSYvEHuUpsBuuh2p0N2Bnn0v0DCnV5O+4x\/YpKAcbs0\/4gq2kI7gwNYwqLZdKvB5cFAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAYABUATgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646850574,"flow_dst_last_pkt_time":1527155646850574,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155646850574,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8QKlAAEAGdTLAqAARrNkXTqq2Abu2kyjUAAAAAKAC\/\/\/OpwAAAgQFtAQCCAoAIWh9AAAAAAEDAwc="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646850574,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155646851668,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8SUEAADoGspqs2RdOwKgAEQG7qrbgrF\/UtpMo1aASpagYYgAAAgQFZAQCCAqjjizLACFofQEDAwg="} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1527155646855196,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155646855196,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKpAAEAGdTnAqAARrNkXTqq2Abu2kyjV4Kxf1YAQAq3p2QAAAQEICgAhaH6jjizL"} +01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1527155646860573,"pkt":"AA6OMNv9MAdNo1+nCABFAAI5QKtAAEAGczPAqAARrNkXTqq2Abu2kyjV4Kxf1YAYAq1z5wAAAQEICgAhaICjjizLFgMBAgABAAH8AwNBPsdw19xPZmwn4MTofE7KpZzlehZ2ryKsHoehtt8SkyAtuuVLu0IaXHkCuJfDbS+MIlAXHQF7wFtqpJjA8h8AEwAcwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZf\/AQABAAAAABgAFgAAE2FwcC1tZWFzdXJlbWVudC5jb20AFwAAACMA2gB3xmugirq4ty3TFMj+47dZbYBXktcQ\/Fy823lCDlYKB2I9H4xj09kCGfGET468Pn7WKGmpHa+d4io34b79G4zdduOMVQjYCVWJd2+svjjieR2WmccqyJfAVJDiSGaILG39AMxmPrLGKG+W90qFvZ+sjOk1xBxZC4lq\/vWERh9dI8LaVYFE2i7VMlSVzcW5MKdEpuvpZDk7ugj4\/NffY7m0Pt8V62OtFaSYvEHuUpsBuuh2p0N2Bnn0v0DCnV5O+4x\/YpKAcbs0\/4gq2kI7gwNYwqLZdKvB5cFAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAYABUATgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646860573,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} -00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646861661,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155646861661,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0SUsAADoGspis2RdOwKgAEQG7qrbgrF\/VtpMq2oAQAKrpygAAAQEICqOOLNYAIWiA"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646861661,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155646861661,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0SUsAADoGspis2RdOwKgAEQG7qrbgrF\/VtpMq2oAQAKrpygAAAQEICqOOLNYAIWiA"} 01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646862539,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1527155646862539,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646968117,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646968117,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155646968117,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155646968117,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646968117,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646968117,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_805741c9._sub._googlecast._tcp.local","mdns": {}}} -00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646968177,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155646968177,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646968177,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155646968177,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 00732{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155647500374,"flow_src_last_pkt_time":1527155647500374,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155647500374,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1527155647500374,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1527155647500374,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1527155647500374,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1527155647500374,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="} 00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155647500374,"flow_src_last_pkt_time":1527155647500374,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155647500374,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1527155647500402,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1527155647500402,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1527155647500402,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1527155647500402,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155648481643,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648481643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648481643,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648481643,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1527155648481643,"pkt":"AA6OMNv9MAdNo1+nCABFAABEJLZAAEARlILAqAARwKgAD61YADUAMDkH00kBAAABAAAAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAQ=="} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648481643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1527155648481643,"pkt":"AA6OMNv9MAdNo1+nCABFAABEJLZAAEARlILAqAARwKgAD61YADUAMDkH00kBAAABAAAAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAQ=="} 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155648481643,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648481643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648481643,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"venetia.iad.appboy.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648506661,"flow_idle_time":200000000,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1527155648506661,"pkt":"MAdNo1+nAA6OMNv9CABFAACpXKlAAEARXCrAqAAPwKgAEQA1rVgAlY7c00mBgAABAAUAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAcAMAAUAAQAAAQIAGQF5A3NzbAZnbG9iYWwGZmFzdGx5A25ldADANAABAAEAAAAdAASXZQGCwDQAAQABAAAAHQAEl2VBgsA0AAEAAQAAAB0ABJdlgYLANAABAAEAAAAdAASXZcGC"} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648506661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1527155648506661,"pkt":"MAdNo1+nAA6OMNv9CABFAACpXKlAAEARXCrAqAAPwKgAEQA1rVgAlY7c00mBgAABAAUAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAcAMAAUAAQAAAQIAGQF5A3NzbAZnbG9iYWwGZmFzdGx5A25ldADANAABAAEAAAAdAASXZQGCwDQAAQABAAAAHQAEl2VBgsA0AAEAAQAAAB0ABJdlgYLANAABAAEAAAAdAASXZcGC"} 01059{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155648481643,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648506661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1527155648506661,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"venetia.iad.appboy.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.1.130"}}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648513495,"flow_dst_last_pkt_time":1527155648513495,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648513495,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1527155648513495,"flow_dst_last_pkt_time":1527155648513495,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155648513495,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8cjBAAEAGbuvAqAARl2UBgtnCAbvgBRgtAAAAAKAC\/\/+wcAAAAgQFtAQCCAoAIWodAAAAAAEDAwc="} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1527155648513495,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155648523699,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAADoG5xuXZQGCwKgAEQG72cJzm\/EW4AUYLqAScSBKVAAAAgQFtAQCCArIDMgpACFqHQEDAwk="} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1527155648526879,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155648526879,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"} -00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":3285032704,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1527155648533128,"pkt":"AA6OMNv9MAdNo1+nCABFAADscjJAAEAGbjnAqAARl2UBgtnCAbvgBRguc5vxF4AYAq0GIgAAAQEICgAhaiLIDMgpFgMBALMBAACvAwNMJ7CvztfSmUaRPcK3z4cAvGSi2\/cpgw4T9New8B2\/AwAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAbABkAABZ2ZW5ldGlhLmlhZC5hcHBib3kuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1527155648513495,"flow_dst_last_pkt_time":1527155648513495,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155648513495,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8cjBAAEAGbuvAqAARl2UBgtnCAbvgBRgtAAAAAKAC\/\/+wcAAAAgQFtAQCCAoAIWodAAAAAAEDAwc="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1527155648513495,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155648523699,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAADoG5xuXZQGCwKgAEQG72cJzm\/EW4AUYLqAScSBKVAAAAgQFtAQCCArIDMgpACFqHQEDAwk="} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1527155648526879,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155648526879,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"} +00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1527155648533128,"pkt":"AA6OMNv9MAdNo1+nCABFAADscjJAAEAGbjnAqAARl2UBgtnCAbvgBRguc5vxF4AYAq0GIgAAAQEICgAhaiLIDMgpFgMBALMBAACvAwNMJ7CvztfSmUaRPcK3z4cAvGSi2\/cpgw4T9New8B2\/AwAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAbABkAABZ2ZW5ldGlhLmlhZC5hcHBib3kuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} 01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648533128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"venetia.iad.appboy.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} -00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648543275,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155648543275,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0OTlAADoGreqXZQGCwKgAEQG72cJzm\/EX4AUY5oAQADvpRQAAAQEICsgMyC4AIWoi"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648543275,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155648543275,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0OTlAADoGreqXZQGCwKgAEQG72cJzm\/EX4AUY5oAQADvpRQAAAQEICsgMyC4AIWoi"} 01108{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648544884,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155648544884,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"venetia.iad.appboy.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} -00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1527155666982912,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155666982912,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} -00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1527155666982983,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155666982983,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1527155666982912,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155666982912,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1527155666982983,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155666982983,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 02018{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155670525718,"flow_dst_last_pkt_time":1527155666299937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":2467,"flow_dst_tot_l4_payload_len":404,"midstream":1,"thread_ts_usec":1527155670525718,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":97,"avg":1934444.6,"max":10701681,"stddev":2902413.2,"var":8424002682880.0,"ent":3.5,"data": [54240,95930,270,43992,41788,57048,16087,92087,91609,10563926,10701681,4192149,4152724,4422076,4422070,309467,309552,21641,197002,97,215011,3974475,3934854,3635331,52554,3635290,52615,12721,140816,167507,4361173]},"pktlen": {"min":52,"avg":141.7,"max":582,"stddev":133.2,"var":17739.8,"ent":4.5,"data": [153,108,52,128,52,494,116,52,120,52,149,52,146,52,146,52,391,52,150,52,136,52,146,52,146,410,52,52,150,136,52,582]},"bins": {"c_to_s": [4,1,6,2,0,0,0,0,0,0,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,1,1,0,1,0],"entropies": [6.431744576,6.016238213,4.829590321,6.209959030,4.955154419,7.559208393,6.096168518,5.008132935,6.149723053,4.916692734,6.302158833,4.921030998,6.449830055,4.959492207,6.525306225,4.921030521,7.398088932,4.997953892,6.476407528,4.969671726,6.289449215,4.997953892,6.509795189,4.997953892,6.393223286,7.421437263,4.997953892,4.997953892,6.452959538,6.382457256,4.997953892,7.597495079]}} 00912{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155670525718,"flow_dst_last_pkt_time":1527155666299937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":2467,"flow_dst_tot_l4_payload_len":404,"midstream":1,"thread_ts_usec":1527155670525718,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155670525718,"flow_dst_last_pkt_time":1527155666299937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":2467,"flow_dst_tot_l4_payload_len":404,"midstream":1,"thread_ts_usec":1527155670525718,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670632131,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670632131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670632131,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670632131,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155670632131,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670632131,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155670632131,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="} 00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640484,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155670640484,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfMxAAEAR5NnAqAAREskEILhDHzEBCRHz7fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABABAK45kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6f1EwNZ4BrIBNZIXKB4sgy96MQL790EZYw7fY9vCydMCFozrGypXQPtcVrV5xCrsYqA8zuDlnCD1lV04sfnGYMAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} +00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155670640484,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfMxAAEAR5NnAqAAREskEILhDHzEBCRHz7fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABABAK45kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6f1EwNZ4BrIBNZIXKB4sgy96MQL790EZYw7fY9vCydMCFozrGypXQPtcVrV5xCrsYqA8zuDlnCD1lV04sfnGYMAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} 00902{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155670640484,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640484,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640566,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155670640566,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+fM1AAEAR5bfAqAAREskEILhDHzMAKi7T7fYZAKwZNYyPZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155670640566,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+fM1AAEAR5bfAqAAREskEILhDHzMAKi7T7fYZAKwZNYyPZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="} 00899{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670640566,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155670640566,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670640613,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155670640613,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwfM5AAEAR5cTAqAAREskEILhDHzEAHFuJ7fYJALM5kpFjAQAArBk1jI9k5Ec="} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155670663972,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeBoSyQQgwKgAEQG7sXDMrFlhkF0lOKASaN8nuwAAAgQFtAQCCAoAWtCxACF\/twEDAwc="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670672314,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155670672314,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwfVFAACsR+skSyQQgwKgAER8zuEMAHAAy7fYaAKwZNYyPZORHMkN8XkO4AMg="} -00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1527155670640613,"flow_dst_last_pkt_time":1527155670673581,"flow_idle_time":200000000,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155670673581,"pkt":"MAdNo1+nAA6OMNv9CABFAABofVBAACsR+pISyQQgwKgAER8xuEMAVGj37fYMAAEArBk1jI9k5EcyQ3xeQ7iuOZKRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1527155670673838,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155670673838,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoFAAEAGCKHAqAAREskEILFwAbuQXSU4zKxZYoAQAq28sQAAAQEICgAhf78AWtCx"} +00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670640613,"flow_dst_last_pkt_time":1527155670640484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155670640613,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwfM5AAEAR5cTAqAAREskEILhDHzEAHFuJ7fYJALM5kpFjAQAArBk1jI9k5Ec="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670632131,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155670663972,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeBoSyQQgwKgAEQG7sXDMrFlhkF0lOKASaN8nuwAAAgQFtAQCCAoAWtCxACF\/twEDAwc="} +00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670672314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155670672314,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwfVFAACsR+skSyQQgwKgAER8zuEMAHAAy7fYaAKwZNYyPZORHMkN8XkO4AMg="} +00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1527155670640613,"flow_dst_last_pkt_time":1527155670673581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155670673581,"pkt":"MAdNo1+nAA6OMNv9CABFAABofVBAACsR+pISyQQgwKgAER8xuEMAVGj37fYMAAEArBk1jI9k5EcyQ3xeQ7iuOZKRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1527155670673838,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155670673838,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoFAAEAGCKHAqAAREskEILFwAbuQXSU4zKxZYoAQAq28sQAAAQEICgAhf78AWtCx"} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671066998,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155671066998,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671066998,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155671066998,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8FY9AAEAG0gLAqAARNrtbtr+YAbtog5WsAAAAAKAC\/\/+1DQAAAgQFtAQCCAoAIYAjAAAAAAEDAwc="} -00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1527155671140889,"flow_dst_last_pkt_time":1527155670673581,"flow_idle_time":200000000,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155671140889,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfNBAAEAR5NXAqAAREskEILhDHzEBCYn27fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABACAKg7kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB0003hcgpcmSdQZoJFj9c3crNvbbzPmA66eL1DRMEucxiwDMA5JhH5EzU3oJcu6XrgTfyNvrAIA0DorhgznjXYQAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} -00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1527155671140889,"flow_dst_last_pkt_time":1527155671173842,"flow_idle_time":200000000,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155671173842,"pkt":"MAdNo1+nAA6OMNv9CABFAABofl9AACsR+YMSyQQgwKgAER8xuEMAVG317fYMAAIArBk1jI9k5EcyQ3xeQ7ioO5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155671237849,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1527155671240677,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671240677,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"} -00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":3285032704,"pkt_caplen":247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":247,"pkt_l4_len":213,"thread_ts_usec":1527155671250450,"pkt":"AA6OMNv9MAdNo1+nCABFAADpFZFAAEAG0VPAqAARNrtbtr+YAbtog5WtghP4IoAYAq2yzwAAAQEICgAhgFEsBh44FgMBALABAACsAwNpu8fyH0bmBuIhI45OMI2QAejACKsvR53r1YItFVUgZgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABn\/wEAAQAAAAAYABYAABNicmFoZS5hcHB0aW1pemUuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671066998,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155671066998,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8FY9AAEAG0gLAqAARNrtbtr+YAbtog5WsAAAAAKAC\/\/+1DQAAAgQFtAQCCAoAIYAjAAAAAAEDAwc="} +00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1527155671140889,"flow_dst_last_pkt_time":1527155670673581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155671140889,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfNBAAEAR5NXAqAAREskEILhDHzEBCYn27fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABACAKg7kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB0003hcgpcmSdQZoJFj9c3crNvbbzPmA66eL1DRMEucxiwDMA5JhH5EzU3oJcu6XrgTfyNvrAIA0DorhgznjXYQAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} +00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1527155671140889,"flow_dst_last_pkt_time":1527155671173842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155671173842,"pkt":"MAdNo1+nAA6OMNv9CABFAABofl9AACsR+YMSyQQgwKgAER8xuEMAVG317fYMAAIArBk1jI9k5EcyQ3xeQ7ioO5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155671237849,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1527155671240677,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671240677,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"} +00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":247,"pkt_l4_len":213,"thread_ts_usec":1527155671250450,"pkt":"AA6OMNv9MAdNo1+nCABFAADpFZFAAEAG0VPAqAARNrtbtr+YAbtog5WtghP4IoAYAq2yzwAAAQEICgAhgFEsBh44FgMBALABAACsAwNpu8fyH0bmBuIhI45OMI2QAejACKsvR53r1YItFVUgZgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABn\/wEAAQAAAAAYABYAABNicmFoZS5hcHB0aW1pemUuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} 01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155671250450,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} -00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671421054,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671421054,"pkt":"MAdNo1+nAA6OMNv9CABFAAA05kFAAOYGW1c2u1u2wKgAEQG7v5iCE\/giaIOWYoAQAG4d1gAAAQEICiwGHmYAIYBR"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671421054,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671421054,"pkt":"MAdNo1+nAA6OMNv9CABFAAA05kFAAOYGW1c2u1u2wKgAEQG7v5iCE\/giaIOWYoAQAG4d1gAAAQEICiwGHmYAIYBR"} 01185{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423359,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155671423359,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}} 01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423665,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155671423665,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}} 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":326,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155675775126,"flow_dst_last_pkt_time":1527155675692683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":2947,"flow_dst_tot_l4_payload_len":930,"midstream":0,"thread_ts_usec":1527155675775126,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":129,"avg":328607.8,"max":525007,"stddev":210300.8,"var":44226416640.0,"ent":4.6,"data": [129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810]},"pktlen": {"min":48,"avg":149.2,"max":285,"stddev":100.4,"var":10086.1,"ent":4.7,"data": [285,48,104,285,104,48,285,62,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [6.429836750,5.092222691,3.431529284,6.457198620,3.469990969,5.092222691,6.466431141,4.018082619,3.469990969,6.511886120,3.469990969,5.092222691,3.985824585,6.440430164,3.469990969,6.468061447,3.419557333,4.967222214,3.953566313,6.441361427,3.450760365,6.449966431,3.469991207,5.050555706,4.018082619,6.492553234,3.489221811,6.449169159,3.469991207,5.050556183,4.018082619,6.452616215]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677865795,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoJAAEAGCKDAqAAREskEILFwAbuQXSU4zKxZYoARAq21qAAAAQEICgAhhscAWtCx"} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677897422,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0iblAACsG7mgSyQQgwKgAEQG7sXDMrFlikF0lOYARANKbQAAAAQEICgBa7PMAIYbH"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677865795,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoJAAEAGCKDAqAAREskEILFwAbuQXSU4zKxZYoARAq21qAAAAQEICgAhhscAWtCx"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677897422,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0iblAACsG7mgSyQQgwKgAEQG7sXDMrFlikF0lOYARANKbQAAAAQEICgBa7PMAIYbH"} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679410348,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679410348,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679410348,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155679410348,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8V2ZAAEAGC9HAqAAREskEA4PQAbvgGt8vAAAAAKAC\/\/+jOgAAAgQFtAQCCAoAIYhJAAAAAAEDAwc="} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679410348,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155679410348,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8V2ZAAEAGC9HAqAAREskEA4PQAbvgGt8vAAAAAKAC\/\/+jOgAAAgQFtAQCCAoAIYhJAAAAAAEDAwc="} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411371,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155679411371,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdf+NAAEAR4d\/AqAAREskEA5UuHzEBCY\/LBbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABABAPdbkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6SNCb6pEPHTLEjikG3nU2iKPCm3mBiaaSkNyyVaokw3bFWKZLztddqHjISoa\/0AQVn24h8Bz7MKBuS1UkASdYsAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} +00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1527155679411371,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdf+NAAEAR4d\/AqAAREskEA5UuHzEBCY\/LBbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABABAPdbkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6SNCb6pEPHTLEjikG3nU2iKPCm3mBiaaSkNyyVaokw3bFWKZLztddqHjISoa\/0AQVn24h8Bz7MKBuS1UkASdYsAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} 00901{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155679411371,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411371,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411435,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155679411435,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+f+RAAEAR4r3AqAAREskEA5UuHzMAKui4BbgZADUY9RiYZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155679411435,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+f+RAAEAR4r3AqAAREskEA5UuHzMAKui4BbgZADUY9RiYZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="} 00898{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155679411435,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679411435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155679411435,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679413920,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1527155679413920,"pkt":"AA6OMNv9MAdNo1+nCABFiAAuf+VAAEAR4szAqAAREskEA5UuHzEAGscOBbgRAAEAAAAuCDgEAAAHridU"} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155679413995,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwf+ZAAEAR4snAqAAREskEA5UuHzEAHM1MBbgJAPtbkpFjAQAANRj1GJhk5Ec="} -00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679443071,"flow_idle_time":200000000,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155679443071,"pkt":"MAdNo1+nAA6OMNv9CABFAABopnVAACsR0YoSyQQDwKgAER8xlS4AVO7dBbgMAAEANRj1GJhk5EcyQ3xeLpX3W5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679443387,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155679443387,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwpnZAACsR0cESyQQDwKgAER8zlS4AHM86BbgaADUY9RiYZORHMkN8Xi6VAMg="} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155679443640,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeDcSyQQDwKgAEQG7g9B0pK754BrfMKASaN\/EGgAAAgQFtAQCCAoA5FGtACGISQEDAwc="} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1527155679444692,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155679444692,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2dAAEAGC9jAqAAREskEA4PQAbvgGt8wdKSu+oAQAq1ZEAAAAQEICgAhiFIA5FGt"} -00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679445375,"flow_idle_time":200000000,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155679445375,"pkt":"MAdNo1+nAA6OMNv9CABFAAA+pnhAACsR0bESyQQDwKgAER8xlS4AKrsaBbgLAPtbkpFjAQAAwWCSkWMBAAAAAAAAAAAAAAAAAAAAAA=="} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679413920,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1527155679413920,"pkt":"AA6OMNv9MAdNo1+nCABFiAAuf+VAAEAR4szAqAAREskEA5UuHzEAGscOBbgRAAEAAAAuCDgEAAAHridU"} +00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679411371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155679413995,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwf+ZAAEAR4snAqAAREskEA5UuHzEAHM1MBbgJAPtbkpFjAQAANRj1GJhk5Ec="} +00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679443071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1527155679443071,"pkt":"MAdNo1+nAA6OMNv9CABFAABopnVAACsR0YoSyQQDwKgAER8xlS4AVO7dBbgMAAEANRj1GJhk5EcyQ3xeLpX3W5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="} +00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679411435,"flow_dst_last_pkt_time":1527155679443387,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1527155679443387,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwpnZAACsR0cESyQQDwKgAER8zlS4AHM86BbgaADUY9RiYZORHMkN8Xi6VAMg="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1527155679410348,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155679443640,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeDcSyQQDwKgAEQG7g9B0pK754BrfMKASaN\/EGgAAAgQFtAQCCAoA5FGtACGISQEDAwc="} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1527155679444692,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155679444692,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2dAAEAGC9jAqAAREskEA4PQAbvgGt8wdKSu+oAQAq1ZEAAAAQEICgAhiFIA5FGt"} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1527155679413995,"flow_dst_last_pkt_time":1527155679445375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1527155679445375,"pkt":"MAdNo1+nAA6OMNv9CABFAAA+pnhAACsR0bESyQQDwKgAER8xlS4AKrsaBbgLAPtbkpFjAQAAwWCSkWMBAAAAAAAAAAAAAAAAAAAAAA=="} 00925{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":374,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1527155647500374,"flow_src_last_pkt_time":1527155647500402,"flow_dst_last_pkt_time":1527155647500374,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155680456436,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":396,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1527155679411371,"flow_src_last_pkt_time":1527155683480847,"flow_dst_last_pkt_time":1527155683453495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":2479,"flow_dst_tot_l4_payload_len":778,"midstream":0,"thread_ts_usec":1527155683480847,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":261664.5,"max":531417,"stddev":244884.4,"var":59968385024.0,"ent":4.1,"data": [2549,75,31700,2304,505528,505691,496908,2109,6670,496650,8720,505323,505404,490799,100,14960,490657,15090,513169,513225,531417,103,49,531356,217,492947,492967,448249,97,448143,58424]},"pktlen": {"min":40,"avg":129.8,"max":285,"stddev":99.7,"var":9932.1,"ent":4.6,"data": [285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0],"entropies": [6.294480801,4.507713318,5.008889198,3.477249622,4.018082619,6.362309933,3.496480465,5.050556183,4.408695221,6.358519077,3.985824585,3.458018780,6.336889267,3.458018780,4.967222214,4.408695221,6.270152092,3.909132719,3.438787937,6.396345615,3.496480465,5.008889198,4.408695221,6.346873283,3.855867863,3.496480465,6.368536949,3.477249622,5.008889198,4.408695221,3.985824585,6.367835045]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1527155685097548,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155685097548,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2hAAEAGC9fAqAAREskEA4PQAbvgGt8wdKSu+oARAq1TiwAAAQEICgAhjdYA5FGt"} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1527155685097548,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155685130784,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0\/ypAACsGeRQSyQQDwKgAEQG7g9B0pK764BrfMYARANI\/LQAAAQEICgDkZ+UAIY3W"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1527155685097548,"flow_dst_last_pkt_time":1527155679443640,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155685097548,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2hAAEAGC9fAqAAREskEA4PQAbvgGt8wdKSu+oARAq1TiwAAAQEICgAhjdYA5FGt"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1527155685097548,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155685130784,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0\/ypAACsGeRQSyQQDwKgAEQG7g9B0pK764BrfMYARANI\/LQAAAQEICgDkZ+UAIY3W"} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155685529875,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685529875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155685529875,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685529875,"flow_idle_time":200000000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155685529875,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8KqJAAEARjp7AqAARwKgAD8OxADUAKKNciEIBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685529875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155685529875,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8KqJAAEARjp7AqAARwKgAD8OxADUAKKNciEIBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155685529875,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685529875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155685529875,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685530485,"flow_idle_time":200000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1527155685530485,"pkt":"MAdNo1+nAA6OMNv9CABFAABMZZhAAEARU5jAqAAPwKgAEQA1w7EAOLypiEKBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAABfAATYOs1k"} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685530485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1527155685530485,"pkt":"MAdNo1+nAA6OMNv9CABFAABMZZhAAEARU5jAqAAPwKgAEQA1w7EAOLypiEKBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAABfAATYOs1k"} 01061{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155685529875,"flow_src_last_pkt_time":1527155685529875,"flow_dst_last_pkt_time":1527155685530485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1527155685530485,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.205.100"}}} 00729{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155685757293,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757293,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1480,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1480,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155685757293,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} -02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757293,"flow_idle_time":140000000,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1527155685757293,"pkt":"AA6OMNv9MAdNo1+nCABFAAXcfu9AAEABNMHAqAARwKgADwgA3UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="} +02457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757293,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1527155685757293,"pkt":"AA6OMNv9MAdNo1+nCABFAAXcfu9AAEABNMHAqAARwKgADwgA3UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="} 00897{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155685757293,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757293,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1480,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1480,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155685757293,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.196204}} -02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757669,"flow_idle_time":140000000,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1527155685757669,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcOTwAAEABunTAqAAPwKgAEQAA5UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="} +02457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1527155685757293,"flow_dst_last_pkt_time":1527155685757669,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1527155685757669,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcOTwAAEABunTAqAAPwKgAEQAA5UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="} 00944{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00944{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","packets-captured":425,"packets-processed":420,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":23,"total-detection-updates":20,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":172,"global_ts_usec":1648952182644000} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952182644000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182644000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QZ1AAD8GBoHAqAJkNAD8kb4yEJT33RMVAAAAAKAC\/\/+7mwAAAgQFtAQCCApvD0\/7AAAAAAEDAwk="} -00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182749000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOcGoB00APyRwKgCZBCUvjJ96pBe990TFqASaN8gOAAAAgQFrAQCCArnVjzbbw9P+wEDAwk="} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1648952183355000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648952183355000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QZ5AAD8GBojAqAJkNAD8kb4yEJT33RMWfeqQX4AQAKy2OQAAAQEICm8PUPPnVjzb"} -00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":3285032704,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648952183458000,"pkt":"eJS0JASgYDjgxTWgCABFAACUQZ9AAD8GBifAqAJkNAD8kb4yEJT33RMWfeqQX4AYAKw98gAAAQEICm8PUWHnVjzbYACt1NwX\/P8DgFkACgAAAAAAAACt1NwXqfy95n8dmIxsOcPbEcApVCIa7TQDCAAAAHxwKcmDlptZSFIqb2LFpylXQd33SzJWC9HYL+qoRBViMwBU+bGR6kn7TggAAcQJ"} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182644000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QZ1AAD8GBoHAqAJkNAD8kb4yEJT33RMVAAAAAKAC\/\/+7mwAAAgQFtAQCCApvD0\/7AAAAAAEDAwk="} +00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182749000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOcGoB00APyRwKgCZBCUvjJ96pBe990TFqASaN8gOAAAAgQFrAQCCArnVjzbbw9P+wEDAwk="} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1648952183355000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648952183355000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QZ5AAD8GBojAqAJkNAD8kb4yEJT33RMWfeqQX4AQAKy2OQAAAQEICm8PUPPnVjzb"} +00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648952183458000,"pkt":"eJS0JASgYDjgxTWgCABFAACUQZ9AAD8GBifAqAJkNAD8kb4yEJT33RMWfeqQX4AYAKw98gAAAQEICm8PUWHnVjzbYACt1NwX\/P8DgFkACgAAAAAAAACt1NwXqfy95n8dmIxsOcPbEcApVCIa7TQDCAAAAHxwKcmDlptZSFIqb2LFpylXQd33SzJWC9HYL+qoRBViMwBU+bGR6kn7TggAAcQJ"} 00897{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183458000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952183563000,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648952183563000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fqdAAOcGIX40APyRwKgCZBCUvjJ96pBf990TdoAQADWytAAAAQEICudWQAlvD1Fh"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952183563000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648952183563000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fqdAAOcGIX40APyRwKgCZBCUvjJ96pBf990TdoAQADWytAAAAQEICudWQAlvD1Fh"} 00764{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155640080793,"flow_dst_last_pkt_time":1527155640252435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":366,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":5690,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00943{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640836078,"flow_dst_last_pkt_time":1527155641008759,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":367,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":5441,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00924{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} @@ -208,15 +208,15 @@ 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":20,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":209,"global_ts_usec":1648954023554000} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023554000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023554000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86GpAAD8GYELAqAJkNAD8AqDgFHo59lPMAAAAAKAC\/\/81EwAAAgQFtAQCCArXUgVsAAAAAAEDAwk="} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023662000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOwGm6w0APwCwKgCZBR6oOA1qzY9OfZTzaASaN\/krwAAAgQFrAQCCApiDhmE11IFbAEDAwk="} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1648954023691000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023691000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06GtAAD8GYEnAqAJkNAD8AqDgFHo59lPNNas2PoAQAKx7IAAAAQEICtdSBfViDhmE"} -00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1648954023697000,"pkt":"eJS0JASgYDjgxTWgCABFAABM6GxAAD8GYDDAqAJkNAD8AqDgFHo59lPNNas2PoAYAKwkewAAAQEICtdSBfpiDhmEGAAAAAAA\/P8FgAkAAAAAAAAAAAAzAAAA"} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023554000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86GpAAD8GYELAqAJkNAD8AqDgFHo59lPMAAAAAKAC\/\/81EwAAAgQFtAQCCArXUgVsAAAAAAEDAwk="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023662000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOwGm6w0APwCwKgCZBR6oOA1qzY9OfZTzaASaN\/krwAAAgQFrAQCCApiDhmE11IFbAEDAwk="} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1648954023691000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023691000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06GtAAD8GYEnAqAJkNAD8AqDgFHo59lPNNas2PoAQAKx7IAAAAQEICtdSBfViDhmE"} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1648954023697000,"pkt":"eJS0JASgYDjgxTWgCABFAABM6GxAAD8GYDDAqAJkNAD8AqDgFHo59lPNNas2PoAYAKwkewAAAQEICtdSBfpiDhmEGAAAAAAA\/P8FgAkAAAAAAAAAAAAzAAAA"} 00895{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023697000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023803000,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023803000,"pkt":"YDjgxTWgeJS0JASgCABFAAA07m1AAOwGrUY0APwCwKgCZBR6oOA1qzY+OfZT5YAQADV67AAAAQEICmIOGhLXUgX6"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023803000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023803000,"pkt":"YDjgxTWgeJS0JASgCABFAAA07m1AAOwGrUY0APwCwKgCZBR6oOA1qzY+OfZT5YAQADV67AAAAQEICmIOGhLXUgX6"} 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":20,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":217,"global_ts_usec":1648968035683000} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":3285032704,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648968035683000,"pkt":"eJS0JASgYDjgxTWgCABFAACU2kpAAD8GpwLAqAJkLMDKSqeUEJTyP2Q6cEHfOoAYAVdrNwAAAQEICphN6aPkLWTjYAAuDuoU\/P8DgFkAGwAAAAAAAAAuDuoUyCWY+Eiv3vNvHuU8izmtmd1xLKgDGQAAAC4GaTctzm2TgBHTuz9kkBDO3BN0gtQM11m3wPtySAu5MwDtuOA\/BIT7TjIAAaAP"} +00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648968035683000,"pkt":"eJS0JASgYDjgxTWgCABFAACU2kpAAD8GpwLAqAJkLMDKSqeUEJTyP2Q6cEHfOoAYAVdrNwAAAQEICphN6aPkLWTjYAAuDuoU\/P8DgFkAGwAAAAAAAAAuDuoUyCWY+Eiv3vNvHuU8izmtmd1xLKgDGQAAAC4GaTctzm2TgBHTuz9kkBDO3BN0gtQM11m3wPtySAu5MwDtuOA\/BIT7TjIAAaAP"} 00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00937{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954024001000,"flow_dst_last_pkt_time":1648954024107000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":516,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} @@ -235,5 +235,5 @@ ~~ total allocations/frees...: 123260/123260 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 490 chars -~~ json string max len.......: 2445 chars -~~ json string avg len.......: 1467 chars +~~ json string max len.......: 2462 chars +~~ json string avg len.......: 1476 chars |