aboutsummaryrefslogtreecommitdiff
path: root/test/results/wa_voice.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/wa_voice.pcap.out')
-rw-r--r--test/results/wa_voice.pcap.out16
1 files changed, 8 insertions, 8 deletions
diff --git a/test/results/wa_voice.pcap.out b/test/results/wa_voice.pcap.out
index e286287bc..b55763fff 100644
--- a/test/results/wa_voice.pcap.out
+++ b/test/results/wa_voice.pcap.out
@@ -23,7 +23,7 @@
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1561455688704143,"flow_dst_last_pkt_time":1561455688744885,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455688744885,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uKd8BQ1wKgCDBRmwMsu6BkVm9EK2qASbHAbGAAAAgQFeAQCCAoefUIDNM3yoAEDAwg="}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1561455688841176,"flow_dst_last_pkt_time":1561455688744885,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455688841176,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0QraLugZFoAQCAytcgAAAQEICjTN8zsefUID"}
00866{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455688704143,"flow_src_last_pkt_time":1561455689011542,"flow_dst_last_pkt_time":1561455688744885,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689011542,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-01563{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1561455688704143,"flow_src_last_pkt_time":1561455689377891,"flow_dst_last_pkt_time":1561455689390636,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":6993,"midstream":0,"thread_ts_usec":1561455689390636,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":1,"flow_avg":43878.7,"flow_max":304081,"flow_stddev":76394.5,"c_to_s_min":5,"c_to_s_avg":42109.2,"c_to_s_max":210132,"c_to_s_stddev":71176.7,"s_to_c_min":1,"s_to_c_avg":45766.2,"s_to_c_max":304081,"s_to_c_stddev":81550.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":112.4,"c_to_s_max":352,"c_to_s_stddev":85.0,"s_to_c_min":66,"s_to_c_avg":532.7,"s_to_c_max":1454,"s_to_c_stddev":603.5},"bins": {"c_to_s": [11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0]}},"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+01694{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1561455688704143,"flow_src_last_pkt_time":1561455689377891,"flow_dst_last_pkt_time":1561455689390636,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":6993,"midstream":0,"thread_ts_usec":1561455689390636,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":43878.7,"max":304081,"stddev":76394.5,"var":5836114944.0,"ent":3.2,"data": [40742,137033,170366,304081,130232,56,30959,5260,28,391,1,177,42,1186,210132,335,9,41,206,11,311,41447,129925,50,6,6,5,1043,24269,131853,38,0]},"pktlen": {"min":66,"avg":309.4,"max":1454,"stddev":467.5,"var":218553.5,"ent":3.9,"data": [78,74,66,322,66,123,117,151,1454,106,1454,169,1454,178,1454,66,66,66,66,66,66,66,1059,98,112,133,96,125,66,352,66,66]},"bins": {"c_to_s": [11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1]},"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689728258,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1561455689728258,"pkt":"xiwDYGpkkLkxKPrKCABFAABL058AAP8RYqTAqAIMwKgCAdgAADUAN5FDM2kBAAABAAAAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAE="}
01023{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689728258,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -35,7 +35,7 @@
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1561455690036803,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455690036803,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGAtDAqAIMHw1WM8VHAbtOnG1l7gMI\/YAQBAZZdQAAAQEICjTOBV2HqaVz"}
01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455690039586,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455690058075,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1561455690058075,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net","tls": {"version":"TLSv1.3","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01578{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":95,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690224696,"flow_dst_last_pkt_time":1561455690224643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":7979,"midstream":0,"thread_ts_usec":1561455690224696,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":1,"flow_avg":21034.6,"flow_max":163286,"flow_stddev":47564.2,"c_to_s_min":5,"c_to_s_avg":19721.6,"c_to_s_max":145211,"c_to_s_stddev":44661.9,"s_to_c_min":1,"s_to_c_avg":22535.2,"s_to_c_max":163286,"s_to_c_stddev":50636.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":145.0,"c_to_s_max":583,"c_to_s_stddev":143.8,"s_to_c_min":66,"s_to_c_avg":598.5,"s_to_c_max":1454,"s_to_c_stddev":615.6},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0]}},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01694{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":95,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690224696,"flow_dst_last_pkt_time":1561455690224643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":7979,"midstream":0,"thread_ts_usec":1561455690224696,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":21034.6,"max":163286,"stddev":47564.2,"var":2262348544.0,"ent":2.5,"data": [19749,127653,2783,126251,2925,28,22,21046,163,145211,12,6,5,40,5,163286,2,38,250,1,16,17472,279,12,8,2386,284,150,389,567,0,0]},"pktlen": {"min":66,"avg":357.6,"max":1454,"stddev":489.7,"var":239839.3,"ent":4.0,"data": [78,74,66,583,66,1454,1454,349,66,66,130,112,109,101,402,325,66,237,140,97,66,114,498,66,66,66,66,1454,66,1454,1454,97]},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455701309996,"flow_src_last_pkt_time":1561455701309996,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455701309996,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00961{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1561455701309996,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455701309996,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxXcMAAEARlWjAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
00869{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455701309996,"flow_src_last_pkt_time":1561455701309996,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455701309996,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
@@ -98,7 +98,7 @@
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1561455707513528,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455707513528,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxevAqAIMnfAUNMVIAbt68MpOu7CnhYAQBAb72QAAAQEICjTOSZq1oF6C"}
01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707524675,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"pps.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01203{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707564246,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1561455707564246,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"pps.whatsapp.net","tls": {"version":"TLSv1.3","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01573{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":293,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707778028,"flow_dst_last_pkt_time":1561455707778471,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":9370,"midstream":0,"thread_ts_usec":1561455707778471,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":5,"flow_avg":19593.0,"flow_max":129132,"flow_stddev":30818.3,"c_to_s_min":136,"c_to_s_avg":20231.3,"c_to_s_max":129132,"c_to_s_stddev":33129.9,"s_to_c_min":5,"s_to_c_avg":18994.6,"s_to_c_max":77447,"s_to_c_stddev":28468.3},"pktlen": {"c_to_s_min":66,"c_to_s_avg":124.8,"c_to_s_max":583,"c_to_s_stddev":127.3,"s_to_c_min":66,"s_to_c_avg":652.1,"s_to_c_max":1454,"s_to_c_stddev":631.5},"bins": {"c_to_s": [10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]}},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+01712{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":293,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707778028,"flow_dst_last_pkt_time":1561455707778471,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":9370,"midstream":0,"thread_ts_usec":1561455707778471,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":5,"avg":19593.0,"max":129132,"stddev":30818.3,"var":949767616.0,"ent":3.5,"data": [37234,38970,11147,51469,985,103,11,42805,136,34645,3771,380,216,299,76165,5,34895,421,279,3605,27,2938,1342,3436,77447,53735,129132,1406,40,219,120,0]},"pktlen": {"min":66,"avg":388.4,"max":1454,"stddev":526.3,"var":277041.4,"ent":4.0,"data": [78,74,66,583,66,1454,1454,347,66,66,130,112,109,101,258,237,140,66,66,97,66,97,66,101,66,66,516,66,1454,1454,1454,1454]},"bins": {"c_to_s": [10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1561455709888553,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1561455709888553,"pkt":"AQBeAAD7kLkxKPrKCABFAABNP9UAAP8R2BrAqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1561455709890098,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455709890098,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1561455709984212,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1561455709984212,"pkt":"AQBef\/\/6kLkxKPrKCABFAACggMsAAAIRhNPAqAIM7\/\/\/+vzMB2wAjOY9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
@@ -114,14 +114,14 @@
01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731073692,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="}
00961{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731356183,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455731356183,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
-01589{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":487,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455731523132,"flow_dst_last_pkt_time":1561455731536124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1561455731536124,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":1,"flow_avg":1588209.8,"flow_max":12196243,"flow_stddev":3050402.8,"c_to_s_min":58,"c_to_s_avg":2237341.5,"c_to_s_max":12194152,"c_to_s_stddev":3446690.5,"s_to_c_min":1,"s_to_c_avg":1231187.4,"s_to_c_max":12196243,"s_to_c_stddev":2744019.2},"pktlen": {"c_to_s_min":48,"c_to_s_avg":108.0,"c_to_s_max":168,"c_to_s_stddev":60.0,"s_to_c_min":44,"s_to_c_avg":133.6,"s_to_c_max":320,"s_to_c_stddev":98.7},"bins": {"c_to_s": [6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]}},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01763{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":487,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455731523132,"flow_dst_last_pkt_time":1561455731536124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1561455731536124,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":1588209.8,"max":12196243,"stddev":3050402.8,"var":9304956469248.0,"ent":3.2,"data": [61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546,0]},"pktlen": {"min":44,"avg":124.0,"max":320,"stddev":87.2,"var":7598.9,"ent":4.7,"data": [168,168,86,86,48,44,168,168,86,86,48,44,48,44,48,44,48,44,88,68,246,275,254,164,320,248,316,48,44,168,168,86]},"bins": {"c_to_s": [6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731665769,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="}
01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731697327,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1561455732298035,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732298035,"pkt":"xiwDYGpkkLkxKPrKCABFAABIre0AAEARuofAqAIMATxOQNwI+xoANHLOAAEAGCESpEIrgAUzrwTeBSrSSH8ACAAUv8Ev3sei+dcRfEZy9ei0mRui3Zw="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1561455732919461,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732919461,"pkt":"xiwDYGpkkLkxKPrKCABFAABIV+kAAEAREIzAqAIMATxOQNwI+xoANBvDAAEAGCESpELCs7YUVt8QVzF73yEACAAUMmINwHB46SKyj3xrODHnuD6GHSA="}
-01717{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455733316995,"flow_dst_last_pkt_time":1561455733325980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":1873,"flow_dst_tot_l4_payload_len":1869,"midstream":0,"thread_ts_usec":1561455733325980,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":2,"flow_avg":182324.6,"flow_max":1203723,"flow_stddev":228895.9,"c_to_s_min":2,"c_to_s_avg":165972.9,"c_to_s_max":623635,"c_to_s_stddev":170556.0,"s_to_c_min":2967,"s_to_c_avg":202180.3,"s_to_c_max":1203723,"s_to_c_stddev":282793.3},"pktlen": {"c_to_s_min":68,"c_to_s_avg":146.1,"c_to_s_max":213,"c_to_s_stddev":41.7,"s_to_c_min":86,"s_to_c_avg":175.5,"s_to_c_max":315,"s_to_c_stddev":58.1},"bins": {"c_to_s": [1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]}},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01907{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455733316995,"flow_dst_last_pkt_time":1561455733325980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":1873,"flow_dst_tot_l4_payload_len":1869,"midstream":0,"thread_ts_usec":1561455733325980,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":2,"avg":182324.6,"max":1203723,"stddev":228895.9,"var":52393320448.0,"ent":4.2,"data": [578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448,0]},"pktlen": {"min":68,"avg":158.9,"max":315,"stddev":51.7,"var":2672.5,"ent":4.9,"data": [86,86,86,86,86,86,213,274,164,175,315,151,173,173,147,163,150,164,186,178,169,173,178,184,164,68,164,164,170,164,153,193]},"bins": {"c_to_s": [1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00915{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874172,"flow_src_last_pkt_time":1561455737893179,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455737893179,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_homekit._tcp.local","mdns": {}}}
00924{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":633,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874523,"flow_src_last_pkt_time":1561455737895397,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455737895397,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_homekit._tcp.local","mdns": {}}}
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455738163757,"flow_src_last_pkt_time":1561455738163757,"flow_dst_last_pkt_time":1561455738163757,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455738163757,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -180,9 +180,9 @@
~~ total active/idle flows...: 28/28
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6136319 bytes
-~~ total memory freed........: 6136319 bytes
-~~ total allocations/frees...: 122550/122550
+~~ total memory allocated....: 6123327 bytes
+~~ total memory freed........: 6123327 bytes
+~~ total allocations/frees...: 122494/122494
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 493 chars
~~ json string max len.......: 2484 chars
Powered by cgit, Themed by Ted Yin.